Is there an FSDB Manual?
John Chambers
jc at minya.UUCP
Fri Oct 13 09:25:29 AEST 1989
In article <Oct89.064644.7768 at ixi.uucp>, clive at ixi.uucp writes:
> There's no need to panic, and it is quite safe to post this. Yes it is true
> that fsdb allows you to look anywhere in a file system, and so on, but it
> requires access to the disc device (/dev/dsk/... on my machine). If you make
> these owned by root or sys with 600 permissions, then noone else can use fsdb
> to break security. If anyone can read these devices, then they don't need fsdb
> to do it - adb, or at worst, od (!) is enough.
You'll likely have to do a bit more than that. Some utilities (df is
a good example) read the device, so if you put 600 permissions on the
device, you must make /bin/df setuid to the device's owner. Sys/V seems
to come with df setuid-root, presumably for this reason.
Alternatively, if you don't like setuid-root programs lying about, you
can make the device 640, and make /bin/df setgid to whatever group you
put the devices in (sys is a good choice). That's what I've done here,
and it works just fine.
There are a couple of other programs, too, but their names escape me at
the moment.
--
#echo 'Opinions Copyright 1989 by John Chambers; for licensing information contact:'
echo ' John Chambers <{adelie,ima,mit-eddie}!minya!{jc,root}> (617/484-6393)'
echo ''
saying
More information about the Comp.unix.wizards
mailing list