Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!bloom-beacon!spdcc!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.wizards
Subject: Re: Is there an FSDB Manual?
Message-ID: <37@minya.UUCP>
Date: 12 Oct 89 23:25:29 GMT
References: <1221@virtech.UUCP> <4960@cbnewsm.ATT.COM> <572@pd1.ccd.harris.com>
Distribution: comp
Organization: home
Lines: 26

In article , clive@ixi.uucp writes:
> There's no need to panic, and it is quite safe to post this. Yes it is true
> that fsdb allows you to look anywhere in a file system, and so on, but it
> requires access to the disc device (/dev/dsk/... on my machine). If you make
> these owned by root or sys with 600 permissions, then no one else can use fsdb
> to break security. If anyone can read these devices, then they don't need fsdb
> to do it - adb, or at worst, od (!) is enough.

You'll likely have to do a bit more than that. Some utilities (df is a
good example) read the device, so if you put 600 permissions on the device,
you must make /bin/df setuid to the device's owner. Sys/V seems to come
with df setuid-root, presumably for this reason.

Alternatively, if you don't like setuid-root programs lying about, you can
make the device 640, and make /bin/df setgid to whatever group you put the
devices in (sys is a good choice). That's what I've done here, and it works
just fine. There are a couple of other programs, too, but their names escape
me at the moment.

--
#echo 'Opinions Copyright 1989 by John Chambers; for licensing information contact:'
echo ' John Chambers <{adelie,ima,mit-eddie}!minya!{jc,root}> (617/484-6393)'
echo ''
saying
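
An added example, not part of the original post: a small audit for the arrangement discussed above (device nodes closed to "other", with the reading utility setgid to the devices' group rather than setuid-root). The function names are hypothetical, and the utility and device paths are supplied by the caller.

```shell
#!/bin/sh
# Audit sketch: device nodes closed to "other", utility setgid to their group.
# Usage: sh audit.sh <utility> <device node>...   (all paths are caller-supplied)
# Pass the device nodes themselves, not symlinks to them.

# Print each path readable or writable by "other"; return 1 if any was found.
exposed_devices() {
    rc=0
    for dev in "$@"; do
        [ -e "$dev" ] || continue
        hit=$(find "$dev" -prune \( -perm -004 -o -perm -002 \) -print)
        if [ -n "$hit" ]; then
            echo "EXPOSED $dev"
            rc=1
        fi
    done
    return $rc
}

# Report how a utility gets its access: setuid, setgid, plain or missing.
privilege_mode() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -u "$1" ]; then echo setuid
    elif [ -g "$1" ]; then echo setgid
    else echo plain
    fi
}

# Succeed only if the utility is setgid and every device is group-readable
# and owned by the utility's group (the 640 + setgid arrangement).
setgid_layout_ok() {
    util=$1; shift
    [ -g "$util" ] || return 1
    ugid=$(ls -ldn "$util" | awk '{print $4}')
    for dev in "$@"; do
        dgid=$(ls -ldn "$dev" | awk '{print $4}')
        [ "$dgid" = "$ugid" ] || return 1
        [ -n "$(find "$dev" -prune -perm -040 -print)" ] || return 1
    done
    return 0
}

# Run only when paths are given on the command line.
if [ "$#" -ge 2 ]; then
    util=$1; shift
    echo "$util: $(privilege_mode "$util")"
    exposed_devices "$@" || echo "fix: remove access for other on the devices above"
    setgid_layout_ok "$util" "$@" || echo "note: not the 640 + setgid layout"
fi
```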