Lowell Gilbert wrote:
[ ... ]
This is silly. Just set umask properly, and you'll be all set. This should not be something for individual programs (like
dump) to worry about.
Disagree. Most individual programs do not create world-readable files containing root's view of the filesystem data. "dump" tends to create human-named files in obvious locations, rather than via mkstemp(). It also tends to hold these files open for quite a while while doing I/O...so that a typical backup script [which then copies the dump to a machine with a tape drive (or via rmt, etc), and then deletes the dump] gives plenty of time for a local user to exploit.

I don't believe FreeBSD ships with a 027 umask for root, although that certainly isn't a bad idea.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to