Date: Fri, 07 Feb 1997 14:24:56 +0100 From: Eivind Eklund <eivind@dimaga.com> To: "Jordan K. Hubbard" <jkh@freefall.freebsd.org> Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-sbin@freefall.freebsd.org Subject: Re: cvs commit: src/sbin/dump main.c Message-ID: <3.0.32.19970207142455.00ba1150@dimaga.com>
next in thread | raw e-mail | index | archive | help
At 10:20 PM 2/6/97 -0800, Jordan K. Hubbard wrote: >jkh 97/02/06 22:20:07 > > Branch: sbin/dump RELENG_2_1_0 > Modified: sbin/dump main.c > Log: > Roll Peter's typo fix in. Can anybody see any reason for dump to be setuid at all? This is for binding to a low port for remote backups, but I really don't believe the convenience of letting users do this outweight the danger of there being more security holes in it. /sbin/restore is only setuid to be able to open /dev/tty to talk to the operator - for which I've written a patch that pick the tty device from stderr or stdout, and use that instead. Unless somebody can see something wrong with this approach, I'll commit it tomorrow. (Unless Warner beats me to it - I sent him a copy of the patch for review). For those interested in seeing that we don't break restore like OpenBSD did :) I'm reproducing the patch below. --- tape.c.orig Fri Feb 7 13:31:54 1997 +++ tape.c Fri Feb 7 13:31:21 1997 @@ -128,12 +128,17 @@ } else #endif if (strcmp(source, "-") == 0) { + char* ourtty; /* * Since input is coming from a pipe we must establish * our own connection to the terminal. */ - terminal = fopen(_PATH_TTY, "r"); - if (terminal == NULL) { + ourtty = ttyname(2); /* Find a tty at stderr? */ + if( !ourtty ) + ourtty = ttyname(1); /* Try stdout, then. */ + if( ourtty ) + terminal = fopen(ourtty, "r"); + if (ourtty == NULL || terminal == NULL) { (void)fprintf(stderr, "cannot open %s: %s\n", _PATH_TTY, strerror(errno)); terminal = fopen(_PATH_DEVNULL, "r"); Eivind Eklund perhaps@yes.no http://maybe.yes.no/perhaps/ eivind@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.19970207142455.00ba1150>