Bugtraq mailing list archives
Re: Irix tape devices + logs + su
From: basv () SARA NL (Bas van der Vlies)
Date: Mon, 21 Dec 1998 08:20:02 +0100
On 17-Dec-98 Harhalakis Stefanos wrote:
I don't know if those are known stories. Anyway... on Irix 6.4 the tape devices (in /hw/tape) may be created with false permissions. I think that they are created using the current umask. (When using su, the current umask will not change (unless there is a umask entry in root's .cshrc)). So it is possible to have those devices with mode 644 or even 666, which is bad news, because anyone could use xfsrestore to get any file.
In IRIX 6.3 and higher you can specify what the mode of the device file is with the file /etc/ioperms /dev/rmt/* 0600 root sys /dev/console 0644 root sys See man ioconfig for more info. ******************************************************************** * * * Bas van der Vlies e-mail: basv () sara nl * * SARA - Academic Computing Services phone: +31 20 592 8012 * * Kruislaan 415 fax: +31 20 6683167 * * 1098 SJ Amsterdam * * * ********************************************************************
Current thread:
- Irix tape devices + logs + su Harhalakis Stefanos (Dec 16)
- DoS caused by lpd Kevin K. Sochacki (Dec 18)
- Re: Irix tape devices + logs + su Valdis.Kletnieks () VT EDU (Dec 18)
- Re: Irix tape devices + logs + su Harhalakis Stefanos (Dec 19)
- Re: Irix tape devices + logs + su Bas van der Vlies (Dec 20)