Bugtraq mailing list archives

Re: Irix tape devices + logs + su


From: Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)
Date: Fri, 18 Dec 1998 18:05:58 -0500



On Thu, 17 Dec 1998 09:39:11 +0200, you said:
entry in root's .cshrc)). So it is possible to have those devices with
mode 644 or even 666, which is bad news, because anyone could use
xfsrestore to get any file.

Possibly an issue.  Remember that they still need physical access to
the tape and the tape drive.  xfsrestore isn't set-UID, so a user
can't extract files with a different owner unless they get root first.

I'd worry more about somebody doing an 'mt rewindoffline' to screw up
a running tape job.

 Also, /var/adm/SYSLOG contains the failed login names (even if they
don't exist) and by default, this file is forced to be mode 644 (root's
crontab will take care for this, when rotating the logs).

This can be an issue.

 Finally, when using su, the user's .cshrc will be executed with
privileges of the target user (if the su is successful). For example,
if user nobody has a cp /bin/sh /tmp; chmod 6755 /tmp/sh in his .cshrc
and he uses su to become root, a rootshell will be available in /tmp :)
This is valid only for successful su's

So?  They're root, and they could do that *anyhow*. No exposure here.

Now, if the user can trick the sysadmin into su'ing and running the
user's .cshrc *instead* of the sysadmin's, that's more interesting. ;)

--
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
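
An added example, not part of the original message: a POSIX shell check for the two permission concerns raised in this thread, tape device nodes and /var/adm/SYSLOG whose mode grants read or write access to every local user. The device paths /dev/tape, /dev/nrtape and /dev/rmt/* are assumptions; only /var/adm/SYSLOG comes from the thread.

```shell
#!/bin/sh
# Added example: flag paths whose "other" permission bits allow read or write.

# other_access PATH -> prints "rw", "r", "w" or "none" for PATH's other bits.
# Reads characters 8-9 of the ls -l mode string (other-read, other-write),
# which works for regular files and device nodes alike.
other_access() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c8-9)
    [ -n "$perms" ] || return 1
    case "$perms" in
        rw) echo rw ;;
        r-) echo r ;;
        -w) echo w ;;
        *)  echo none ;;
    esac
}

# audit_paths PATH... -> one line per existing path that any user can read
# or write; paths that do not exist on this host are skipped silently.
audit_paths() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        acc=$(other_access "$p") || continue
        case "$acc" in
            none) ;;
            *w*)  echo "WORLD-WRITABLE $acc $p" ;;
            *)    echo "WORLD-READABLE $acc $p" ;;
        esac
    done
}

# Assumed device names; adjust to the tape nodes present on the system.
audit_paths /var/adm/SYSLOG /dev/tape /dev/nrtape /dev/rmt/*
```

A mode 644 SYSLOG is reported as WORLD-READABLE and a mode 666 tape node as WORLD-WRITABLE, matching the two cases discussed above.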




