Bugtraq mailing list archives
Re: solaris tape dev permission stupidity
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 22 Oct 1998 20:12:57 +0200
hi, this is rather silly and obvious, but i couldn't find anything in seaching the old archives on geek-girl.com. problem: under solaris, scsi tape devices (/dev/rmt/*, which are linked to the st@x,x: devs in /devices) are created with the permissions bits set to 666. this allows a mallicious user with a login on your system to 'mt erase' the contents of any tape devices connected to your system. solution: this is a tough one. i'll let you figure it out yourself.
Tough? You could either use /etc/logindevperm (for tapes connected to desktops) use chmod or edit /etc/minorperm. Casper
Current thread:
- solaris tape dev permission stupidity joshua grubman (Oct 21)
- Re: solaris tape dev permission stupidity Michael R. Eckhoff (Oct 21)
- Re: solaris tape dev permission stupidity Casper Dik (Oct 22)
- Vulnerability in IRIX autofsd SGI Security Coordinator (Oct 22)
- CDE for Linux Susan Carney (Oct 22)
- Re: CDE for Linux bandregg () REDHAT COM (Oct 23)
- New SMAP + SASL + SSL Patches available. MacGyver (Oct 22)
- <Possible follow-ups>
- Re: solaris tape dev permission stupidity Robert Thomas (Oct 21)
- Re: solaris tape dev permission stupidity Darren J Moffat - Enterprise Services OS Product Support Group (Oct 22)
- Re: solaris tape dev permission stupidity Tobias J. Kreidl (Oct 23)