Bugtraq mailing list archives

Re: Irix tape devices + logs + su

From: basv () SARA NL (Bas van der Vlies)
Date: Mon, 21 Dec 1998 08:20:02 +0100


On 17-Dec-98 Harhalakis Stefanos wrote:

 I don't know if those are known stories.
Anyway... on Irix 6.4 the tape devices (in /hw/tape) may be created with
false permissions. I think that they are created using the current umask.
(When using su, the current umask will not change (unless there is a umask
entry in root's .cshrc)). So it is possible to have those devices with
mode 644 or even 666, which is bad news, because anyone could use
xfsrestore to get any file.

In IRIX 6.3 and higher you can specify what the mode of the device file is with
the file /etc/ioperms
   /dev/rmt/*   0600    root    sys
   /dev/console 0644    root    sys

See man ioconfig for more info.

********************************************************************
*                                                                  *
*  Bas van der Vlies                     e-mail: basv () sara nl      *
*  SARA - Academic Computing Services    phone:  +31 20 592 8012   *
*  Kruislaan 415                         fax:    +31 20 6683167    *
*  1098 SJ Amsterdam                                               *
*                                                                  *
********************************************************************

Current thread:

Irix tape devices + logs + su Harhalakis Stefanos (Dec 16)
- DoS caused by lpd Kevin K. Sochacki (Dec 18)
- Re: Irix tape devices + logs + su Valdis.Kletnieks () VT EDU (Dec 18)
  - Re: Irix tape devices + logs + su Harhalakis Stefanos (Dec 19)
- Re: Irix tape devices + logs + su Bas van der Vlies (Dec 20)