Home page logo

bugtraq logo Bugtraq mailing list archives

Re: solaris tape dev permission stupidity
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 22 Oct 1998 20:12:57 +0200


this is rather silly and obvious, but i couldn't find anything in seaching
the old archives on geek-girl.com.


under solaris, scsi tape devices (/dev/rmt/*, which are linked to the st () x,x:
devs in /devices) are created with the permissions bits set to 666. this allows
a mallicious user with a login on your system to 'mt erase' the contents of any
tape devices connected to your system.


this is a tough one. i'll let you figure it out yourself.


You could either use /etc/logindevperm (for tapes connected to desktops)
use chmod or edit /etc/minorperm.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]