The three security questions were:
1) root .rhosts file. This is not a real good idea, especially w.r.t. IP
spoofing on local network. Yes, rdump needs this. This makes rdump not
real useful.
The solution is the infamous SUID wrapper. You need to make a tapeuser
account (which needs an .rhosts file), and then use rsh from the machine with
the tape to run the wrapper--which setuid()'s to root and runs dump--and pipe
the data back to dd to write to the tape. I got some source code from a guy
named Andrew that's pretty good, but I haven't implemented it here yet. Any
mee-toos will have to bug me to bug him since I can't just distribute his stuff,
or his e-mail address, without possibly angering one or more people.
One can also rsh to write to the tape, from the dumping machine. Your
choice.
2) change ownership of executables from bin to root? Another idea that's
probably dumb. Glad I asked first. Just proves that you shouldn't believe
everything you see in print, and that goes double on the Internet.
3) swapdefault is world writable. Don't worry about it. Somebody said that
it's a default of DU that links have 777 permission, but the files the link to
have whatever permission they were set with originally--which overrides this.
The existence of this link and where it goes to is checked at boot time; the
kernel sets up the swap system and then the link is not used. The worst thing
that could happen is that somebody would change your swap system for the next
time that you boot.
Received on Mon Feb 12 1996 - 04:56:22 NZDT