Re: security vulnerability in dump

2003-01-07 Thread Shaun Dwyer
Kirk Strauser wrote: At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: Normally the master.passwd is backed up regularly by cron (/var/backups), so maybe no need to backup it again. Were you joking? Surely you're not implying that there's no need to copy the data to tape (

Data vulnerability (Was: security vulnerability in dump)

2003-01-07 Thread Mike Meyer
In <[EMAIL PROTECTED]>, Andrew Prewett <[EMAIL PROTECTED]> typed: > Today Mike Meyer wrote: > > In <[EMAIL PROTECTED]>, Andrew Prewett ><[EMAIL PROTECTED]> typed: > > > Today Kirk Strauser wrote: > > > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > > > > > Normally the m

Re: security vulnerability in dump

2003-01-07 Thread Kirk Strauser
At 2003-01-07T22:50:08Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > No, "umgekehrt", ideally / should be on a separate drive and /home, /var, > /usr on another drive(s). I mean, I wouldn't put my company database, > fileserver, etc. on a machine with only one drive. So, my wording was > maybe

Re: security vulnerability in dump

2003-01-07 Thread Andrew Prewett
Today Ed Hall wrote: > > Today Kirk Strauser wrote: > > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> > writes: > > > > Normally the master.passwd is backed up regularly by cron > (/var/backups), > > > > so maybe no need to backup it again. > > > > > Were you joking? Surely you'r

Re: security vulnerability in dump

2003-01-07 Thread Andrew Prewett
Today Mike Meyer wrote: > In <[EMAIL PROTECTED]>, Andrew Prewett ><[EMAIL PROTECTED]> typed: > > Today Kirk Strauser wrote: > > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > > > > Normally the master.passwd is backed up regularly by cron (/var/backups), > > > > so maybe

Re: security vulnerability in dump

2003-01-07 Thread Mike Meyer
In <[EMAIL PROTECTED]>, Andrew Prewett <[EMAIL PROTECTED]> typed: > Today Kirk Strauser wrote: > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > > > Normally the master.passwd is backed up regularly by cron (/var/backups), > > > so maybe no need to backup it again. > > Wer

Re: security vulnerability in dump

2003-01-07 Thread Kirk Strauser
At 2003-01-07T20:13:51Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > If /etc and /var are on the same HD, then it's not a production machine or > the setup is simply wrong. So you don't backup machines with more than one drive? I'm confused. -- Kirk Strauser In Googlis non est, ergo non est.

Re: security vulnerability in dump

2003-01-07 Thread Ed Hall
> Today Kirk Strauser wrote: > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > > > Normally the master.passwd is backed up regularly by cron (/var/backups), > > > so maybe no need to backup it again. > > > Were you joking? Surely you're not implying that there's no need

Re: security vulnerability in dump

2003-01-07 Thread Andrew Prewett
Today Kirk Strauser wrote: > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > > > Normally the master.passwd is backed up regularly by cron (/var/backups), > > so maybe no need to backup it again. > > Were you joking? Surely you're not implying that there's no need to copy

Re: security vulnerability in dump

2003-01-07 Thread Kirk Strauser
At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > Normally the master.passwd is backed up regularly by cron (/var/backups), > so maybe no need to backup it again. Were you joking? Surely you're not implying that there's no need to copy the data to tape (which is the most co

Re: security vulnerability in dump

2003-01-07 Thread Chuck Swiger
Lowell Gilbert wrote: [ ... ] This is silly. Just set umask properly, and you'll be all set. This should not be something for individual programs (like dump) to worry about. Disagree. Most individual programs do not create world-readable files containing root's view of the filesystem data.

Re: security vulnerability in dump

2003-01-07 Thread Lowell Gilbert
Mark <[EMAIL PROTECTED]> writes: > There may be a lot more files one wishes not to be world-readable. :) And > excluding them all from the dump may not be the answer. Especially since it > would be very little trouble to adjust dump's code in such a way that it > writes chmod 600 to begin with. T

Re: security vulnerability in dump

2003-01-07 Thread Mike Meyer
Hi Mark, > When dumping to a file, dump writes this file chmod 644. When the > root-partition is being backed-up, this leaves the dump-file vulnerable > to scanning by unprivileged users for the duration of the dump. This is an important issue you've found in dump. Please submit a PR with the sen

Re: security vulnerability in dump

2003-01-07 Thread Mark
- Original Message - From: "Andrew Prewett" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, January 07, 2003 6:06 PM Subject: Re: security vulnerability in dump > Today Mark wrote: > > > I believe I have found a security vulnerability i

Re: security vulnerability in dump

2003-01-07 Thread Andrew Prewett
Today Mark wrote: > I believe I have found a security vulnerability in dump, which, under the > right conditions, allows any user with shell-access to gain root-privileges. > > When dumping to a file, dump writes this file chmod 644. When the > root-partition is being backed-up,

Re: security vulnerability in dump

2003-01-07 Thread Andrew Prewett
Today Mark wrote: > I believe I have found a security vulnerability in dump, which, under the > right conditions, allows any user with shell-access to gain root-privileges. > > When dumping to a file, dump writes this file chmod 644. When the > root-partition is being backed-up,

security vulnerability in dump

2003-01-07 Thread Mark
I believe I have found a security vulnerability in dump, which, under the right conditions, allows any user with shell-access to gain root-privileges. When dumping to a file, dump writes this file chmod 644. When the root-partition is being backed-up, this leaves the dump-file vulnerable to