Re: solaris tape dev permission stupidity

From: Robert Thomas (robat_private)
Date: Wed Oct 21 1998 - 19:17:54 PDT


    joshua grubman wrote:
    > under solaris, scsi tape devices (/dev/rmt/*, which are linked to the st@x,x:
    > devs in /devices) are created with the permissions bits set to 666. this allows
    > a malicious user with a login on your system to 'mt erase' the contents of any
    > tape devices connected to your system.
    
    It's not that simple.  Say, for example, you, the unix administrator, as a good
    boy/girl, do a daily backup... That backup is written to the tape. All is
    well and good. You leave your desk, and start to wander over to the computer
    room, to pull the tape out of the drive.  In that time, someone's done:
    
    lamer@leeto$ cd
    lamer@leeto$ mt -f /dev/nrmt/0h rewind
    lamer@leeto$ tar xvf /dev/nrmt/0h etc/shadow
    ...
    lamer@leeto$ cd etc
    lamer@leeto$ more shadow
    ..shadow password entry..
    
    and your shadow password file is open to the world.
    
    Just one, of many, bad-things(tm) that can be done with lame-arsed tape
    permissions.
    
    --Rob Thomas
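
A defensive check for the exposure discussed in this thread, as an added example that is not part of the original posts: it lists entries under a device directory whose link target grants read or write to "other". The function names are hypothetical, and `/dev/rmt` as the default directory is taken from the quoted message.

```shell
#!/bin/sh
# Added example: audit tape device nodes for world read/write access.
# Function names are hypothetical; /dev/rmt is the directory named in the thread.

# world_accessible_nodes [DIR]
# Prints, one per line, every non-directory entry under DIR whose target
# (symlinks are followed, since /dev/rmt/* link into /devices) grants
# read or write permission to "other". Dangling links are skipped.
world_accessible_nodes() {
    dir=${1:-/dev/rmt}
    [ -d "$dir" ] || return 0
    find -L "$dir" ! -type d ! -type l \( -perm -004 -o -perm -002 \) -print | sort
}

# audit_tape_perms [DIR]
# Prints a long listing of each exposed node and returns 1 if any exist;
# prints an OK line and returns 0 otherwise.
audit_tape_perms() {
    exposed=$(world_accessible_nodes "$1")
    if [ -z "$exposed" ]; then
        echo "OK: no world-accessible nodes under ${1:-/dev/rmt}"
        return 0
    fi
    echo "$exposed" | while IFS= read -r node; do
        ls -lLd "$node"    # -L shows the mode and owner of the link target
    done
    echo "EXPOSED: remove 'other' access (chmod o-rw) on the targets listed above"
    return 1
}
```

Running `audit_tape_perms /dev/rmt` from a scheduled job and alerting on a non-zero exit catches device nodes that are re-created with open permissions.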
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:20:45 PDT