Path: utzoo!attcan!uunet!mcsun!ukc!acorn!ixi!clive
From: clive@ixi.uucp
Newsgroups: comp.unix.wizards
Subject: Re: Is there an FSDB Manual?
Message-ID:
Date: 6 Oct 89 06:46:44 GMT
References: <1221@virtech.UUCP> <4960@cbnewsm.ATT.COM> <572@pd1.ccd.harris.com>
Reply-To: clive@ixi.uucp (Clive D.W. Feather)
Distribution: comp
Organization: IXI Limited, Cambridge, UK
Lines: 24

In article <572@pd1.ccd.harris.com> bill@pd1.ccd.harris.com (Bill Davis) writes:
>In article <4960@cbnewsm.ATT.COM> szirin@cbnewsm.ATT.COM writes:
>>Of course, anyone that can figure out how to use fsdb can easily read your
>>private file without ever touching the directory entry...
>If this were true, it would be a nasty security hole.
>Just by knowing fsdb, I could look anywhere in a file
>system and read the contents of files.
>
>This doesn't happen here. Based on information available here, I have reason
>to believe it doesn't happen with the major variants of Unix. Anyone care to
>tell me if I am wrong VIA EMAIL to avoid spreading any "how to break a Unix
>system" information too widely?

There's no need to panic, and it is quite safe to post this.

Yes, it is true that fsdb allows you to look anywhere in a file system, and so
on, but it requires access to the disc device (/dev/dsk/... on my machine).
If you make these owned by root or sys with 600 permissions, then no one else
can use fsdb to break security. If anyone can read these devices, then they
don't need fsdb to do it - adb, or at worst, od (!) is enough.

--
Clive D.W. Feather
IXI Limited
clive@ixi.uucp
...!uunet!ukc!ixi!clive (riskier)
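
An added example, not part of the original post: a small audit of the rule the reply gives (disk device nodes owned by root or sys, mode 600). The function names and the choice to report read and write access separately are assumptions of this example.

```python
#!/usr/bin/env python3
"""Audit disk device nodes against the rule in the post: owner root or sys, mode 600."""
import os
import pwd
import stat
import sys

ALLOWED_OWNERS = {"root", "sys"}  # owners named in the post


def check_node(mode, owner):
    """Return findings for one node; an empty list means it follows the rule."""
    if not (stat.S_ISBLK(mode) or stat.S_ISCHR(mode)):
        return []  # regular files, directories and symlinks are out of scope
    perms = stat.S_IMODE(mode)
    findings = []
    if owner not in ALLOWED_OWNERS:
        findings.append(f"owned by {owner}, expected root or sys")
    if perms & 0o044:
        findings.append(f"mode {perms:03o} lets group/other read the raw device")
    if perms & 0o022:
        findings.append(f"mode {perms:03o} lets group/other write the raw device")
    return findings


def audit(directory):
    """Walk a device directory and return (path, finding) pairs."""
    results = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)  # lstat: judge the node itself, not a symlink target
            except OSError:
                continue
            try:
                owner = pwd.getpwuid(st.st_uid).pw_name
            except KeyError:
                owner = str(st.st_uid)  # uid with no passwd entry
            results += [(path, f) for f in check_node(st.st_mode, owner)]
    return results


if __name__ == "__main__":
    # Pass the disk device directories, e.g. /dev/dsk (path taken from the post).
    found = [r for d in sys.argv[1:] for r in audit(d)]
    for path, finding in found:
        print(f"{path}: {finding}")
    sys.exit(1 if found else 0)
```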