Path: utzoo!mnetor!uunet!husc6!cmcl2!brl-adm!umd5!trantor.umd.edu!louie
From: louie@trantor.umd.edu (Louis A. Mamakos)
Newsgroups: comp.unix.wizards
Subject: Re: Remote dumps as root (was Re: Why does "root" worn everything?)
Message-ID: <2463@umd5.umd.edu>
Date: 17 Mar 88 13:49:05 GMT
References: <5209@uwmcsd1.UUCP> <9269@sunybcs.UUCP> <7454@brl-smoke.ARPA> <9926@steinmetz.steinmetz.UUCP> <9318@sunybcs.UUCP> <1610@pinney.munsell.UUCP>
Sender: ris@umd5.umd.edu
Reply-To: louie@trantor.umd.edu (Louis A. Mamakos)
Distribution: na
Organization: University of Maryland, College Park
Lines: 19

In article <1610@pinney.munsell.UUCP> pz@pinney.UUCP (Paul Czarnecki) writes:
>I asked Sun what to do about this. (Isn't software support wonderful)
>They just told me to make /etc/dump setuid root, setgid operator.
>None of my backups are done by someone logging in as root.
>
>Was this stupid?

I think so. What's to stop Joe User from doing something like:

    dump 0f /dev/rra0c - | restore xf - ./path/secret-file

to grab any file on your system?

Louis A. Mamakos WA3YMH Internet: louie@TRANTOR.UMD.EDU
University of Maryland, Computer Science Center - Systems Programming
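
The exposure described in the post above, as a check an administrator could run (an added example, not part of the original post): it reports whether a setuid file is executable by every local user, which is the condition the reply objects to. The function names, the OWNER argument and the group-only category are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify how widely a setuid program can be executed.
# OWNER defaults to root; it is a parameter so the check can be exercised
# on scratch files owned by an unprivileged user.

# setuid_exposure FILE [OWNER]
# Prints one of:
#   world - setuid, owned by OWNER, executable by "other" (the case in the post)
#   group - setuid, owned by OWNER, executable by group but not by other
#   owner - setuid, owned by OWNER, no group or other execute bit
#   none  - not a regular setuid file owned by OWNER
setuid_exposure() {
    file=$1
    owner=${2:-root}
    # -prune stops find from descending if FILE happens to be a directory.
    if [ -z "$(find "$file" -prune -type f -user "$owner" -perm -4000 2>/dev/null)" ]; then
        echo none
    elif [ -n "$(find "$file" -prune -perm -0001)" ]; then
        echo world
    elif [ -n "$(find "$file" -prune -perm -0010)" ]; then
        echo group
    else
        echo owner
    fi
}

# audit_setuid DIR [OWNER]
# Lists every setuid file under DIR, owned by OWNER, that any user can run.
audit_setuid() {
    find "$1" -type f -user "${2:-root}" -perm -4001 -print 2>/dev/null
}

# Stand-alone use: sh script.sh /etc   (directory to scan, optional owner)
if [ $# -gt 0 ]; then
    audit_setuid "$@"
fi
```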