On 14 November 1995, Brett Lymn wrote:
> According to Jake Luck:
> >
> >yeah, but what about /usr/sbin/ufsrestore ?
> >
> >it is statically linked, utilizes syslog, and suid root.
> >
>
> If you are a BOFH then just kill the setuid bit on ufsrestore. It
> means that root has to do the restores but it does close an awful lot
> of holes (like someone dragging in a QIC and restoring their favourite
> version of /etc/passwd.... need I say more?). Or you could just
> remove the global rx though this may bugger up remote root users.

Yes, /usr/sbin/ufsrestore is suid root on my Solaris 2 box. But it is
more careful than to allow an unprivileged user to create or overwrite
files just anywhere.

    # ufsdump 0f /tmp/x.dump /etc/fs
      DUMP: Writing 32 Kilobyte records
      DUMP: Date of this level 0 dump: Fri Nov 17 14:33:04 1995
      DUMP: Date of last level 0 dump: the epoch
      DUMP: Dumping /dev/rdsk/c0t3d0s0 (chimaera:/) to /tmp/x.dump.
      DUMP: Mapping (Pass I) [regular files]
      DUMP: Mapping (Pass II) [directories]
      DUMP: Estimated 1646 blocks (823KB).
      DUMP: Dumping (Pass III) [directories]
      DUMP: Dumping (Pass IV) [regular files]
      DUMP: 1598 blocks (799KB) on 1 volume at 254 KB/sec
      DUMP: DUMP IS DONE
    # chmod 644 /tmp/x.dump
    # mkdir /tmp/y
    # ls -ld /tmp/y
    drwxr-xr-x 2 root other 37 Nov 17 14:33 /tmp/y
    $ ufsrestore rf /tmp/x.dump
    ./lost+found: (inode 3) not found on volume
    ./usr: (inode 2688) not found on volume
    ./opt: (inode 161334) not found on volume
    Warning: ./etc: Permission denied
    ./etc/cron.d: (inode 10752) not found on volume
    Warning: ./etc/fs: No such file or directory
    Warning: ./etc/fs/hsfs: No such file or directory
    Warning: ./etc/fs/nfs: No such file or directory
    Warning: ./etc/fs/ufs: No such file or directory
    Warning: ./etc/fs/proc: No such file or directory
    [...lots of `not found on volume' as I didn't back up the whole filesystem...]
    ./ksc: (inode 46180) not found on volume
    fopen: Permission denied
    cannot create save file ./restoresymtable for symbol table
    abort? [yn] y
    dump core? [yn] n
    $ ls -l
    total 0
    $ pwd
    /tmp/y

So it appears that ufsrestore suid root is not a security hole. Would
someone with access to Solaris 2.x source like to tell me what
ufsrestore needs to be suid root for?

And b.t.w., Brett, what does BOFH mean?

Sean.
--
Sean Vickery <S.Vickery@its.gu.edu.au>  Ph: +61 (0)7 3875 6410
Systems Programmer
Information Services
Griffith University