On Fri, 18 Dec 1998 Valdis.Kletnieks_at_VT.EDU wrote:
> On Thu, 17 Dec 1998 09:39:11 +0200, you said:
> > entry in root's .cshrc)). So it is possible to have those devices with
> > mode 644 or even 666, which is bad news, because anyone could use
> > xfsrestore to get any file.
>
> Possibly an issue. Remember that they still need physical access to
> the tape and the tape drive. xfsrestore isn't set-UID, so a user
> can't extract files with a different owner unless they get root first.
>
> I'd worry more about someobdy doing an 'mt rewindoffline' to screw up
> a running tape job.
You can restore the files to a different location, than the original.
xfsrestore will give you files like the shadow with pleasure. (It is as
safe, as having the hard disk devices with o+rw permissions. :) An
attacker needs to know, only the time you use to backup your / partition
(any incremental level can be forced to backup /etc/shadow, by simply
changing your password)
> Valdis Kletnieks
> Computer Systems Senior Engineer
> Virginia Tech
<<V13>>
Received on Dec 20 1998
Intro
