Remote dumps as root (was Re: Why does "root" worn everything?)
Don Speck
mangler at cit-vax.Caltech.Edu
Fri Mar 25 17:35:14 AEST 1988
In article <1610 at pinney.munsell.UUCP> pz at pinney.UUCP (Paul Czarnecki) writes:
>I asked Sun what to do about this. (Isn't software support wonderful)
>They just told me to make /etc/dump setuid root, setgid operator.
>None of my backups are done by someone logging in as root.
>
>Was this stupid?
4.3bsd rdump is setuid and executable by world, but it is designed for it.
After it calls rcmd(), it throws away its privileges. I don't think it's
any more dangerous than 'rsh' (remote shell).
SunOS rdump is derived from 4.2bsd rdump, which was NOT designed to be
setuid. 4.2bsd rdump calls rcmd() with locuser = remuser = "root", and
it doesn't throw away its setuid privileges afterward. Making it setuid
instead of giving the operator a root shell is just fooling yourself.
In article <9394 at sunybcs.UUCP>, kensmith at sunybcs.uucp (Ken Smith) writes:
> sudo /etc/rdump 2udsf 6250 2200 joey.sundumps:/dev/rmt8 /dev/whatever
This syntax, patterned after 4.2bsd "rcp", is peculiar to SunOS and
incompatible with the world of domain names. It should give way to
a syntax more like 4.3bsd "rcp":
rdump 0uf user at host.domain:device,device,device /filsys
Don Speck speck at vlsi.caltech.edu {amdahl,ames!elroy}!cit-vax!speck
More information about the Comp.unix.wizards
mailing list