Re: solaris tape dev permission stupidity

From: Casper Dik (casperat_private)
Date: Thu Oct 22 1998 - 11:12:57 PDT

Next message: dumped: "Re: SVGATextMode 1.8 /tmp race"

Previous message: joshua grubman: "Re: solaris tape dev permission stupidity (fwd)"
Maybe in reply to: joshua grubman: "solaris tape dev permission stupidity"
Next in thread: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: solaris tape dev permission stupidity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>hi,
>
>this is rather silly and obvious, but i couldn't find anything in seaching
>the old archives on geek-girl.com.
>
>problem:
>
>under solaris, scsi tape devices (/dev/rmt/*, which are linked to the st@x,x:
>devs in /devices) are created with the permissions bits set to 666. this allows
>a mallicious user with a login on your system to 'mt erase' the contents of any
>tape devices connected to your system.
>
>solution:
>
>this is a tough one. i'll let you figure it out yourself.


Tough?

You could either use /etc/logindevperm (for tapes connected to desktops)
use chmod or edit /etc/minorperm.

Casper

Next message: dumped: "Re: SVGATextMode 1.8 /tmp race"
Previous message: joshua grubman: "Re: solaris tape dev permission stupidity (fwd)"
Maybe in reply to: joshua grubman: "solaris tape dev permission stupidity"
Next in thread: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: solaris tape dev permission stupidity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:20:38 PDT