[comp.unix.ultrix] SPR response gem

maj@cl.cam.ac.uk (Martyn Johnson) (05/02/91)

I thought I would share with you all a gem of an SPR response I
received today.  The SPR was submitted on 16 Nov 1989, and read
as follows:

    The /etc/dump program has been modified in recent versions
    of Ultrix so that it prints out "Must be superuser to run
    dump". This is pointless, unnecessary, and annoying.
    
    It is pointless because dump is not a privileged program (i.e.
    not setuid) and hence cannot do anything that a programmer
    cannot do for himself anyway. Anybody could take a copy of
    /etc/dump and patch out the superuser test, and run the copy.
    
    It is unnecessary because the ability to dump a disc requires
    access to the device special file. /etc/dump might reasonably
    check its access to the device and give a helpful message if
    access is denied.
    
    It is annoying because it is sometimes useful to allow a
    non-superuser to dump a partition. In particular, one might
    wish to give an operator group the appropriate access to
    allow operations staff to dump without giving them full
    privilege.

The reply reads as follows:

    Thank you for your suggestion.
    
    The restriction of superuser access to the dump(8) command was
    established due to customer requests in the area of system
    security.  It was felt by these customers that only the superuser
    should have access to the raw disk via the dump command so that
    unscrupulous users could not gain access to data which would not
    normally be available to them.

Now, wasn't that worth waiting for?


Martyn Johnson      maj@cl.cam.ac.uk
University of Cambridge Computer Lab
Cambridge UK.
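
Added example, not part of the original post and not Ultrix source: a C sketch contrasting the uid test the SPR objects to with the check it proposes, where the kernel's permission check on the device special file decides and the program only reports the result. The function names and the use of /dev/null as a stand-in for a disk partition are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The gate described in the SPR: refuse anyone who is not uid 0.
 * In a non-setuid binary this is advisory only. The kernel never sees it,
 * and it grants nothing that the device file's mode does not already grant. */
int uid_gate_allows(uid_t euid)
{
    return euid == 0;
}

/* The alternative the SPR proposes: let the kernel decide by opening the
 * device read-only, and explain a refusal. Returns an open descriptor to
 * read the dump from, or -errno. Returning the descriptor (rather than
 * probing and reopening later) means the object checked is the object read. */
int open_dump_source(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0)
        return fd;

    int err = errno;   /* save before stdio can overwrite it */
    if (err == EACCES)
        fprintf(stderr, "dump: no read permission on %s "
                "(check the device's owner, group and mode)\n", path);
    else
        fprintf(stderr, "dump: cannot open %s: %s\n", path, strerror(err));
    return -err;
}

int main(int argc, char **argv)
{
    /* /dev/null is a constructed stand-in for a disk partition. */
    const char *dev = argc > 1 ? argv[1] : "/dev/null";

    printf("uid gate says: %s\n",
           uid_gate_allows(geteuid()) ? "allow" : "deny");

    int fd = open_dump_source(dev);
    if (fd < 0)
        return 1;
    printf("kernel says: read access to %s granted\n", dev);
    close(fd);
    return 0;
}
```

With this structure, giving an operator group dump rights is a matter of the device file's group ownership and mode, and nobody else gains or loses access by patching the program.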