[8740] in bugtraq


Re: Irix tape devices + logs + su

daemon@ATHENA.MIT.EDU (Harhalakis Stefanos)
Sun Dec 20 13:35:00 1998

Date: 	Sun, 20 Dec 1998 02:44:36 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Harhalakis Stefanos <v13@AETOS.IT.TEITHE.GR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199812182305.SAA28398@black-ice.cc.vt.edu>

On Fri, 18 Dec 1998 Valdis.Kletnieks@VT.EDU wrote:

> On Thu, 17 Dec 1998 09:39:11 +0200, you said:
> > entry in root's .cshrc)). So it is possible to have those devices with
> > mode 644 or even 666, which is bad news, because anyone could use
> > xfsrestore to get any file.
>
> Possibly an issue.  Remember that they still need physical access to
> the tape and the tape drive.  xfsrestore isn't set-UID, so a user
> can't extract files with a different owner unless they get root first.
>
> I'd worry more about somebody doing an 'mt rewindoffline' to screw up
> a running tape job.
 You can restore the files to a different location than the original.
xfsrestore will give you files like the shadow with pleasure. (It is as
safe as having the hard disk devices with o+rw permissions. :) An
attacker only needs to know the time you use to back up your / partition
(any incremental level can be forced to back up /etc/shadow by simply
changing your password).


>                                 Valdis Kletnieks
>                                 Computer Systems Senior Engineer
>                                 Virginia Tech
<<V13>>
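
Added example, not part of the original message: a shell audit for the condition discussed in this thread, device nodes whose mode gives "other" read or write access (644 or 666). The function name, the `NODE_TYPE` knob and the `/dev/rmt` path in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Lists device nodes under a directory that users outside the owner and
# group can read or write, which is the 644/666 case from the thread.
#
# Assumptions: the directory holding the tape nodes is passed as $1
# (for example /dev/rmt); NODE_TYPE is a hypothetical knob that defaults
# to "c" (character devices). Set NODE_TYPE=f to try the logic on
# regular files without root.
#
# Usage: audit_tape_nodes /dev/rmt

audit_tape_nodes() {
    dir=$1
    type=${NODE_TYPE:-c}
    # -perm -004 matches other-read, -perm -002 matches other-write.
    find "$dir" -type "$type" \( -perm -004 -o -perm -002 \) -print | sort |
    while IFS= read -r node; do
        access=
        # Re-test each bit separately so the report says which one is set.
        [ -n "$(find "$node" -perm -004)" ] && access=read
        [ -n "$(find "$node" -perm -002)" ] && access=${access:+$access+}write
        printf '%s other=%s\n' "$node" "$access"
    done
}
```

Any node it reports can be tightened with `chmod o-rw` once you have confirmed which group legitimately runs backups.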
