Path: utzoo!mnetor!uunet!husc6!bloom-beacon!oberon!cit-vax!mangler
From: mangler@cit-vax.Caltech.Edu (Don Speck)
Newsgroups: comp.unix.wizards
Subject: Re: Remote dumps as root (was Re: Why does "root" worn everything?)
Message-ID: <5939@cit-vax.Caltech.Edu>
Date: 25 Mar 88 07:35:14 GMT
References: <5209@uwmcsd1.UUCP> <9269@sunybcs.UUCP> <7454@brl-smoke.ARPA> <9394@sunybcs.UUCP>
Distribution: na
Organization: California Institute of Technology
Lines: 26
Summary: 4.3bsd rdump designed to be setuid

In article <1610@pinney.munsell.UUCP> pz@pinney.UUCP (Paul Czarnecki) writes:
>I asked Sun what to do about this.  (Isn't software support wonderful)
>They just told me to make /etc/dump setuid root, setgid operator.
>None of my backups are done by someone logging in as root.
>
>Was this stupid?

4.3bsd rdump is setuid and executable by world, but it is designed
for it.  After it calls rcmd(), it throws away its privileges.
I don't think it's any more dangerous than 'rsh' (remote shell).

SunOS rdump is derived from 4.2bsd rdump, which was NOT designed to
be setuid.  4.2bsd rdump calls rcmd() with locuser = remuser = "root",
and it doesn't throw away its setuid privileges afterward.  Making
it setuid instead of giving the operator a root shell is just fooling
yourself.

In article <9394@sunybcs.UUCP>, kensmith@sunybcs.uucp (Ken Smith) writes:
> sudo /etc/rdump 2udsf 6250 2200 joey.sundumps:/dev/rmt8 /dev/whatever

This syntax, patterned after 4.2bsd "rcp", is peculiar to SunOS and
incompatible with the world of domain names.  It should give way to
a syntax more like 4.3bsd "rcp":

	rdump 0uf user@host.domain:device,device,device /filsys

Don Speck   speck@vlsi.caltech.edu  {amdahl,ames!elroy}!cit-vax!speck
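
The pattern the post credits to 4.3bsd rdump (do the one root-only step, then throw the privileges away) can be written as below. This is an added example, not part of the original post and not rdump's source; the function name drop_privileges is hypothetical, and the rcmd() call is represented only by a comment.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setuid/setgid privileges; returns 0 on success.
 * Hypothetical helper: call it right after the single operation that
 * needed root (for rdump, the rcmd() call that opens the connection). */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* the user who invoked the program */
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped we may no longer change gids.
     * While euid is 0 this resets real, effective and saved gid. */
    if (setgid(rgid) != 0)
        return -1;

    /* While euid is 0, setuid() sets real, effective and saved uid,
     * so there is no saved root id left to switch back to. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* A non-root invoker must not be able to regain root. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* ... privileged step would go here (e.g. rcmd()) ... */
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to continue\n");
        return 1;
    }
    /* Everything from here on runs with the invoker's own ids. */
    printf("uid=%d euid=%d gid=%d egid=%d\n", (int)getuid(),
           (int)geteuid(), (int)getgid(), (int)getegid());
    return 0;
}
```

A program that skips this step after its privileged call keeps root for every later file open, exec and signal, which is the situation the post describes for 4.2bsd rdump.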