Is there an FSDB Manual?

Conor P. Cahill cpcahil at virtech.UUCP
Thu Oct 5 10:59:04 AEST 1989


In article <572 at pd1.ccd.harris.com>, bill at pd1.ccd.harris.com (Bill Davis) writes:
> In article <4960 at cbnewsm.ATT.COM> szirin at cbnewsm.ATT.COM writes:
> >Of course, anyone that can figure out how to use fsdb can easily read your
> >private file without ever touching the directory entry...
> 
> If this were true, it would be a nasty security hole.
> Just by knowing fsdb, I could look anywhere in a file
> system and read the contents of files.

This is true, but it depends upon one fact: The user can read the disk device
directly.  Most systems do not permit this so there is no problem.

If the mode of /dev/[r]dsk/* allows read permission, any program will be able
to read information from any file on the system, totally bypassing the 
standard protections.  Fsdb is just a program that already understands the 
underlying fs layout, so it would be easier.

This should not be a problem, because all systems should limit the access
to the disk device files.

> This doesn't happen here.  Based on information
> available here, I have reason to believe
> it doesn't happen with the major variants of Unix.
> Anyone care to tell me if I am wrong VIA EMAIL
> to avoid spreading any "how to break a Unix system"
> information too widely?  Or better yet, if you find
> a version of Unix that lets someone other than
> root run fsdb and get information out of it (or
> worse yet, change it), perhaps you might want to tell
> your system vendor about it.  You probably don't
> want your system to remain that way.


This is not a function of fsdb, but a function of the access modes of the 
/dev/dsk files.  This is true for *ALL* versions of unix (allowing for 
different paths to the different disk devices).






-- 
+-----------------------------------------------------------------------+
| Conor P. Cahill     uunet!virtech!cpcahil      	703-430-9247	!
| Virtual Technologies Inc.,    P. O. Box 876,   Sterling, VA 22170     |
+-----------------------------------------------------------------------+
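
Added example, not part of the original post: a shell check of the point made above, that the exposure comes from the mode of the disk device nodes and not from fsdb itself. /dev/dsk and /dev/rdsk are the paths from the post; the function names, device names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag disk device nodes whose mode bypasses file permissions.

# Reads `ls -l` style lines on stdin and prints one finding per problem.
# Mode string: char 1 = type, 2-4 = user, 5-7 = group, 8-10 = other.
flag_exposed_nodes() {
    awk '
        $1 !~ /^[bc]/ { next }                # only block/char device nodes
        {
            mode = $1; owner = $3; path = $NF  # assumes no spaces in the path
            if (substr(mode, 8, 1) == "r") print path ": world-readable (" mode ")"
            if (substr(mode, 9, 1) == "w") print path ": world-writable (" mode ")"
            if (owner != "root") print path ": owned by " owner ", not root"
        }'
}

# Live audit. Defaults to the directories named in the post; pass others
# as arguments on systems that keep their disk devices elsewhere.
audit_disk_devices() {
    [ $# -gt 0 ] || set -- /dev/dsk /dev/rdsk
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -L: report the mode of the node itself when the entry is a symlink
        find -L "$dir" \( -type b -o -type c \) -exec ls -ldL {} +
    done | flag_exposed_nodes
}

# Constructed sample listing (device names and owners are made up).
sample_listing() {
    cat <<'EOF'
brw-r-----  1 root     sys   0,  0 Oct  5 10:59 /dev/dsk/0s0
brw-r--r--  1 root     sys   0,  1 Oct  5 10:59 /dev/dsk/0s1
crw-rw-rw-  1 root     sys   5,  1 Oct  5 10:59 /dev/rdsk/0s1
crw-------  1 operator sys   5,  2 Oct  5 10:59 /dev/rdsk/0s2
-rw-r--r--  1 root     sys     120 Oct  5 10:59 /dev/dsk/README
EOF
}

sample_listing | flag_exposed_nodes
```

Group read access is not flagged here; whether it matters depends on who belongs to the owning group.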



More information about the Comp.unix.wizards mailing list