On Fri, 18 Dec 1998 Valdis.Kletnieksat_private wrote: > On Thu, 17 Dec 1998 09:39:11 +0200, you said: > > entry in root's .cshrc)). So it is possible to have those devices with > > mode 644 or even 666, which is bad news, because anyone could use > > xfsrestore to get any file. > > Possibly an issue. Remember that they still need physical access to > the tape and the tape drive. xfsrestore isn't set-UID, so a user > can't extract files with a different owner unless they get root first. > > I'd worry more about someobdy doing an 'mt rewindoffline' to screw up > a running tape job. You can restore the files to a different location, than the original. xfsrestore will give you files like the shadow with pleasure. (It is as safe, as having the hard disk devices with o+rw permissions. :) An attacker needs to know, only the time you use to backup your / partition (any incremental level can be forced to backup /etc/shadow, by simply changing your password) > Valdis Kletnieks > Computer Systems Senior Engineer > Virginia Tech <<V13>>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:18 PDT