Lowell Gilbert wrote: [ ... ]
This is silly. Just set umask properly, and you'll be all set. This should not be something for individual programs (likeDisagree. Most individual programs do not create world-readable files containing root's view of the filesystem data. "dump" tends to create human-named files in obvious locations, rather than via mkstemp(). It also tends to hold these files open for quite a while while doing I/O...so that a typical backup script [which then copies the dump to a machine with a tape drive (or via rmt, etc), and then deletes the dump] gives plenty of time for a local user to exploit.
dump) to worry about.
I don't believe FreeBSD ships with a 027 umask for root, although that certainly isn't a bad idea.
-Chuck
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
