--==_Exmh_522684854P Content-Type: text/plain; charset=us-ascii On Thu, 17 Dec 1998 09:39:11 +0200, you said: > entry in root's .cshrc)). So it is possible to have those devices with > mode 644 or even 666, which is bad news, because anyone could use > xfsrestore to get any file. Possibly an issue. Remember that they still need physical access to the tape and the tape drive. xfsrestore isn't set-UID, so a user can't extract files with a different owner unless they get root first. I'd worry more about someobdy doing an 'mt rewindoffline' to screw up a running tape job. > Also, /var/adm/SYSLOG contains the failed login names (even if they > don't exist) and by default, this file is forced to be mode 644 (root's > crontab will take care for this, when rotating the logs). This can be an issue. > Finaly, when using su, the user's .cshrc will be executed with > privileges of the target user (if the su is succesful). For example, > if user nobody has a cp /bin/sh /tmp; chmod 6755 /tmp/sh in his .cshrc > and he use su to become root, a rootshell will be available in /tmp :) > This is valid only for succesfull su's So? They're root, and they could do that *anyhow*. No exposure here. Now, if the user can trick the sysadmin into su'ing and running the user's .cshrc *instead* of the sysadmin's, that's more interesting. ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech --==_Exmh_522684854P Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.2 iQCVAwUBNnrf1dQBOOoptg9JAQET+QP+KtVN9IGlYtpq6OqI3QXXvKfIa2NdHhbY WUnDWTUibhPlguxv1hIIaMtgxSmy6nKkLEqXdGMC4S2mwZRQLeiuZbuPgySzsjBO UOjAc4h8Xaod5R8Te9als/MTxMoBRQSJzWclj6658371Cm5HXd2sE33hmmuN982U i2t1Mx+Ko0g= =/j5Z -----END PGP MESSAGE----- --==_Exmh_522684854P--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:12 PDT