Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: solaris tape dev permission stupidity
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 22 Oct 1998 20:12:57 +0200


hi,

this is rather silly and obvious, but i couldn't find anything in seaching
the old archives on geek-girl.com.

problem:

under solaris, scsi tape devices (/dev/rmt/*, which are linked to the st () x,x:
devs in /devices) are created with the permissions bits set to 666. this allows
a mallicious user with a login on your system to 'mt erase' the contents of any
tape devices connected to your system.

solution:

this is a tough one. i'll let you figure it out yourself.


Tough?

You could either use /etc/logindevperm (for tapes connected to desktops)
use chmod or edit /etc/minorperm.

Casper



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault