solaris tape dev permission stupidity

From: joshua grubman (jgat_private)
Date: Wed Oct 21 1998 - 15:14:53 PDT

Next message: Nergal: "Root compromise via zgv"

Previous message: Themag00ru: "Netscape Communicator 4.07 - Prefs.js Reset"
Next in thread: Casper Dik: "Re: solaris tape dev permission stupidity"
Reply: Casper Dik: "Re: solaris tape dev permission stupidity"
Reply: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: solaris tape dev permission stupidity"
Reply: Robert Thomas: "Re: solaris tape dev permission stupidity"
Reply: Michael R. Eckhoff: "Re: solaris tape dev permission stupidity"
Reply: Tobias J. Kreidl: "Re: solaris tape dev permission stupidity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi,

this is rather silly and obvious, but i couldn't find anything in seaching
the old archives on geek-girl.com.

problem:

under solaris, scsi tape devices (/dev/rmt/*, which are linked to the st@x,x:
devs in /devices) are created with the permissions bits set to 666. this allows
a mallicious user with a login on your system to 'mt erase' the contents of any
tape devices connected to your system.

solution:

this is a tough one. i'll let you figure it out yourself.

~josh

---
josh grubman / http://false.net/~jg
"if you don't ask, i won't upset you"

Next message: Nergal: "Root compromise via zgv"
Previous message: Themag00ru: "Netscape Communicator 4.07 - Prefs.js Reset"
Next in thread: Casper Dik: "Re: solaris tape dev permission stupidity"
Reply: Casper Dik: "Re: solaris tape dev permission stupidity"
Reply: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: solaris tape dev permission stupidity"
Reply: Robert Thomas: "Re: solaris tape dev permission stupidity"
Reply: Michael R. Eckhoff: "Re: solaris tape dev permission stupidity"
Reply: Tobias J. Kreidl: "Re: solaris tape dev permission stupidity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:20:24 PDT