Bugtraq mailing list archives
Re: solaris tape dev permission stupidity
From: foobar () NULL NET (Michael R. Eckhoff)
Date: Thu, 22 Oct 1998 00:03:11 -0500
Along with MANY other problems. I sent this into CERT and BSDi was also contacted by a friend of mine about this over a month ago. BSDi came back and pretty much said that it was a sacrifice to make life easier on the admin (I can quote the message if anyone cares to read it word for word), which I was not very impressed with.

Now that this has been brought to bugtraq (I was going to take it through CERT so the vendors could be contacted first), most every commercial UNIX is set up this way. The only ones I could find that were not were the free unixes such as Slackware, RedHat, *BSD, etc. And I think that Patrick Volkerding of Slackware fame said it best when I asked him why he chose not to set the tape devices this way with his reply of, "Common sense? :^)".

Please note as some of the other problems that can arise are that any user can restore a protected password database as their own, mail spool files that are not theirs, etc. As I described it to one person, "Is your data safe? Not if you back it up."

To expand on the mt erase problem, this with a nice at or cron job could render your months' worth of backups useless since you'll be storing nothing but blank tapes and never even know it.

IMHO, if you want to keep the 'ease of use' for trusted users to access the tape, create a new 'standard' group called 'tape' that gives full rights to the tape devices, and make the trusted users newgrp tape before they access it rather than open it up for everyone.

Michael R. Eckhoff Paranet Voice: 972.239.5544
Sprint Paranet - CCL Dallas Hornets Project Voice: 972.652.2024
mreckhof () sprintparanet com Parafax: 972.818.6374
-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () netspace org]On Behalf Of joshua grubman
Sent: Wednesday, October 21, 1998 5:15 PM
To: BUGTRAQ () netspace org
Subject: solaris tape dev permission stupidity

hi,

this is rather silly and obvious, but i couldn't find anything in searching the old archives on geek-girl.com.

problem: under solaris, scsi tape devices (/dev/rmt/*, which are linked to the st@x,x: devs in /devices) are created with the permissions bits set to 666. this allows a malicious user with a login on your system to 'mt erase' the contents of any tape devices connected to your system.

solution: this is a tough one. i'll let you figure it out yourself.

~josh
---
josh grubman / http://false.net/~jg
"if you don't ask, i won't upset you"
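An added example, not part of either post: a POSIX shell audit that lists tape device nodes readable or writable by "other" and prints (without running) the commands that would restrict them to a dedicated group, as the reply proposes. The function names, the `root` owner and the `660` mode are assumptions of this example; `/dev/rmt` and the `tape` group name come from the posts.

```sh
#!/bin/sh
# Added example. Audits a device directory for nodes that "other" can read
# or write. /dev/rmt entries are symlinks into /devices (per the post), so
# the mode of the link target is inspected, not the mode of the link.

# perm_string FILE: print the ls-style mode of FILE's target, e.g. crw-rw-rw-
perm_string() {
    ls -ldL "$1" 2>/dev/null | awk '{print $1}'
}

# world_accessible [DIR]: print "MODE PATH" for each entry whose target
# grants read or write to users outside the owner and group.
world_accessible() {
    dir=${1:-/dev/rmt}
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty directory or dangling link
        mode=$(perm_string "$f")
        # Characters 8-9 of the mode string are other-read and other-write.
        other=$(printf '%s' "$mode" | cut -c8-9)
        case "$other" in
            --) ;;                        # no access for others: fine
            *)  printf '%s %s\n' "$mode" "$f" ;;
        esac
    done
}

# remediation_plan [DIR] [GROUP]: print the commands an admin would review
# and run as root. Nothing is changed by this function.
# Assumption: GROUP (default "tape") has already been created.
remediation_plan() {
    dir=${1:-/dev/rmt}
    group=${2:-tape}
    world_accessible "$dir" | while read -r _mode path; do
        printf 'chown root %s\n' "$path"
        printf 'chgrp %s %s\n' "$group" "$path"
        printf 'chmod 660 %s\n' "$path"   # owner and group only
    done
}

# Usage:
#   world_accessible /dev/rmt
#   remediation_plan /dev/rmt tape
```

Device nodes can be recreated with default permissions when devices are reconfigured, so the audit is worth rerunning after such changes.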