Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!ginosko!usc!rutgers!cmcl2!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.wizards
Subject: Re: Is there an FSDB Manual?
Message-ID: <11223@smoke.BRL.MIL>
Date: 5 Oct 89 14:27:35 GMT
References: <1221@virtech.UUCP> <4960@cbnewsm.ATT.COM> <572@pd1.ccd.harris.com>
Reply-To: gwyn@brl.arpa (Doug Gwyn)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 10

In article <572@pd1.ccd.harris.com> bill@pd1.ccd.harris.com (Bill Davis) writes:
>In article <4960@cbnewsm.ATT.COM> szirin@cbnewsm.ATT.COM writes:
>>Of course, anyone that can figure out how to use fsdb can easily read your
>>private file without ever touching the directory entry...
>If this were true, it would be a nasty security hole.

fsdb has to be able to access the disk device special file for this
to be a problem.  The two most probable ways for this to occur are
for fsdb to be installed setUID, or for the special file inode to
have too liberal access permissions set.