Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!gatech!uflorida!rex!ginosko!uunet!virtech!cpcahil
From: cpcahil@virtech.UUCP (Conor P. Cahill)
Newsgroups: comp.unix.wizards
Subject: Re: Is there an FSDB Manual?
Summary: if the disk device is readable, any program can do this
Message-ID: <1235@virtech.UUCP>
Date: 5 Oct 89 00:59:04 GMT
References: <1221@virtech.UUCP> <4960@cbnewsm.ATT.COM> <572@pd1.ccd.harris.com>
Distribution: comp
Organization: Virtual Technologies Inc
Lines: 47

In article <572@pd1.ccd.harris.com>, bill@pd1.ccd.harris.com (Bill Davis) writes:
> In article <4960@cbnewsm.ATT.COM> szirin@cbnewsm.ATT.COM writes:
> >Of course, anyone that can figure out how to use fsdb can easily read your
> >private file without ever touching the directory entry...
>
> If this were true, it would be a nasty security hole.
> Just by knowing fsdb, I could look anywhere in a file
> system and read the contents of files.

This is true, but it depends upon one fact: The user can read the disk
device directly. Most systems do not permit this so there is no problem.

If the mode of /dev/[r]dsk/* allows read permission, any program will be
able to read information from any file on the system, totally bypassing
the standard protections. Fsdb is just a program that already understands
the underlying fs layout, so it would be easier.

This should not be a problem, because all systems should limit the access
to the disk device files.

> This doesn't happen here. Based on information
> available here, I have reason to believe
> it doesn't happen with the major variants of Unix.
> Anyone care to tell me if I am wrong VIA EMAIL
> to avoid spreading any "how to break a Unix system"
> information too widely? Or better yet, if you find
> a version of Unix that lets someone other than
> root run fsdb and get information out of it (or
> worse yet, change it), perhaps you might want to tell
> your system vendor about it. You probably don't
> want your system to remain that way.

This is not a function of fsdb, but a function of the access modes of the
/dev/dsk files. This is true for *ALL* versions of unix (allowing for
different paths to the different disk devices).

--
+-----------------------------------------------------------------------+
| Conor P. Cahill     uunet!virtech!cpcahil      703-430-9247          !
| Virtual Technologies Inc.,    P. O. Box 876,   Sterling, VA 22170    |
+-----------------------------------------------------------------------+
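
An added example, not part of the original post: a small audit of the access modes the post identifies as the real control, flagging disk device nodes that non-owners can read or write. The directory names, the function names and the treatment of gid 0 as a trusted group are assumptions for illustration.

```python
import os
import stat

# Permission bits that let someone other than the owner reach the raw device.
RISKY = [
    (stat.S_IROTH, "world-readable"),
    (stat.S_IWOTH, "world-writable"),
    (stat.S_IRGRP, "group-readable"),
    (stat.S_IWGRP, "group-writable"),
]

def device_findings(mode, trusted_group=False):
    """Return risky permission labels for a block/char device st_mode.

    Non-device modes return []: only device nodes expose the raw disk.
    Group bits are ignored when the owning group is considered trusted.
    """
    if not (stat.S_ISBLK(mode) or stat.S_ISCHR(mode)):
        return []
    found = []
    for bit, label in RISKY:
        if trusted_group and label.startswith("group"):
            continue
        if mode & bit:
            found.append(label)
    return found

def audit(directories, trusted_gids=(0,)):
    """Yield (path, octal mode, findings) for risky device nodes."""
    for top in directories:
        for root, _dirs, files in os.walk(top):
            for name in files:
                path = os.path.join(root, name)
                try:
                    st = os.stat(path)  # follow symlinks to the real node
                except OSError:
                    continue  # dangling link or unreadable entry
                hits = device_findings(st.st_mode, st.st_gid in trusted_gids)
                if hits:
                    yield path, oct(stat.S_IMODE(st.st_mode)), hits

if __name__ == "__main__":
    # Constructed sample: a block device with mode 0644 is flagged.
    print(device_findings(stat.S_IFBLK | 0o644))
    # Assumed paths, following the post's /dev/[r]dsk/* naming.
    for path, mode, hits in audit(["/dev/dsk", "/dev/rdsk"]):
        print(f"{path} mode={mode}: {', '.join(hits)}")
```

Any path it reports is a device through which file contents can be read or altered regardless of the per-file permissions inside the file system.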