Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!texbell!sequoia!rpp386!jfh From: jfh@rpp386.cactus.org (John F. Haugh II) Newsgroups: comp.unix.wizards Subject: Re: Is there an FSDB Manual? Message-ID: <17101@rpp386.cactus.org> Date: 5 Oct 89 14:39:26 GMT References: <1221@virtech.UUCP> <4960@cbnewsm.ATT.COM> <572@pd1.ccd.harris.com> Reply-To: jfh@rpp386.cactus.org (John F. Haugh II) Distribution: comp Organization: TrishTrash Readers, Inc. Lines: 44 In article <572@pd1.ccd.harris.com> bill@pd1.ccd.harris.com (Bill Davis) writes: >In article <4960@cbnewsm.ATT.COM> szirin@cbnewsm.ATT.COM writes: >>Of course, anyone that can figure out how to use fsdb can easily read your >>private file without ever touching the directory entry... > >If this were true, it would be a nasty security hole. >Just by knowing fsdb, I could look anywhere in a file >system and read the contents of files. It is quite true, and you don't need fsdb [ but it sure does make things easier ;-) ] To prevent this your block devices can not be readable by normal users. >This doesn't happen here. Based on information >available here, I have reason to believe >it doesn't happen with the major variants of Unix. >Anyone care to tell me if I am wrong VIA EMAIL >to avoid spreading any "how to break a Unix system" >information too widely? Or better yet, if you find >a version of Unix that lets someone other than >root run fsdb and get information out of it (or >worse yet, change it), perhaps you might want to tell >your system vendor about it. You probably don't >want your system to remain that way. fsdb -may- have its access modes restricted to root only, but this does not prevent someone from writing an fsdb clone and posting it to the net so everyone can use it. However, any system which still has adb on it has all that is really needed for file system maintenance. I have used adb [ just yesterday in fact ] to break into UNIX systems. My floppy devices are world accessible, so I mounted a floppy and created a SUID root program. Seems I trashed /etc/shadow and couldn't login as root ;-( -- John F. Haugh II +-Things you didn't want to know:------ VoiceNet: (512) 832-8832 Data: -8835 | The real meaning of MACH is ... InterNet: jfh@rpp386.cactus.org | ... Messages Are Crufty Hacks. UUCPNet: {texbell|bigtex}!rpp386!jfh +--------------------------------------