Date: Sat, 25 Sep 1999 22:03:23 -0400 (EDT) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: dillon@apollo.backplane.com (Matthew Dillon) Cc: freebsd-security@FreeBSD.ORG Subject: Re: dump(8) Insecurity/Misconfiguration Message-ID: <199909260203.WAA48170@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <199909260034.RAA59356@apollo.backplane.com> from Matthew Dillon at "Sep 25, 1999 05:34:14 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Dillon wrote,
[snip helpful answers, thanks]
> :2) Will it break anything if I clear the group read bit on the disk
> : devices?
>
> If you never run dump or you only run it as root, you will not break
> anything by removing the group read bit from the devices.
I am used to only doing it as root since the manpage says,
"Dump cannot do remote backups without being run as root, due to its secu-
rity history. This will be fixed in a later version of FreeBSD. Present-
ly, it works if you set it setuid (like it used to be), but this might
constitute a security risk."
And I often do dumps to tape drives that are not local.
> :3) dump(8) is setgid to group tty. Why?
>
> This is so dump can write to the terminal of all users in group operator,
> which is normally just root and the oprator, when you use the -n option.
Hmmm... So if I am running as root anyway... And I don't use
'-n'... This setgid really is not giving me anything.
Thanks again for the helpful answers.
--
Crist J. Clark cjclark@home.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909260203.WAA48170>