[8756] in bugtraq
Re: Irix tape devices + logs + su
daemon@ATHENA.MIT.EDU (Bas van der Vlies)
Mon Dec 21 17:35:11 1998
Date: Mon, 21 Dec 1998 08:20:02 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Bas van der Vlies <basv@SARA.NL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SGI.4.05.9812170902290.27484-100000@aetos.it.teithe.gr>
On 17-Dec-98 Harhalakis Stefanos wrote:
> I don't know if those are known stories.
> Anyway... on Irix 6.4 the tape devices (in /hw/tape) may be created with
> false permissions. I think that they are created using the current umask.
> (When using su, the current umask will not change (unless there is a umask
> entry in root's .cshrc)). So it is possible to have those devices with
> mode 644 or even 666, which is bad news, because anyone could use
> xfsrestore to get any file.
>
In IRIX 6.3 and higher you can specify what the mode of the device file is with
the file /etc/ioperms
/dev/rmt/* 0600 root sys
/dev/console 0644 root sys
See man ioconfig for more info.
********************************************************************
* *
* Bas van der Vlies e-mail: basv@sara.nl *
* SARA - Academic Computing Services phone: +31 20 592 8012 *
* Kruislaan 415 fax: +31 20 6683167 *
* 1098 SJ Amsterdam *
* *
********************************************************************