maj@cl.cam.ac.uk (Martyn Johnson) (05/02/91)
I thought I would share with you all a gem of an SPR response I received today. The SPR was submitted on 16 Nov 1989, and read as follows:

The /etc/dump program has been modified in recent versions of Ultrix so that it prints out "Must be superuser to run dump". This is pointless, unnecessary, and annoying.

It is pointless because dump is not a privileged program (i.e. not setuid) and hence cannot do anything that a programmer cannot do for himself anyway. Anybody could take a copy of /etc/dump and patch out the superuser test, and run the copy.

It is unnecessary because the ability to dump a disc requires access to the device special file. /etc/dump might reasonably check its access to the device and give a helpful message if access is denied.

It is annoying because it is sometimes useful to allow a non-superuser to dump a partition. In particular, one might wish to give an operator group the appropriate access to allow operations staff to dump without giving them full privilege.

The reply reads as follows:

Thank you for your suggestion. The restriction of superuser access to the dump(8) command was established due to customer requests in the area of system security. It was felt by these customers that only the superuser should have access to the raw disk via the dump command so that unscrupulous users could not gain access to data which would not normally be available to them.

Now, wasn't that worth waiting for?

Martyn Johnson
maj@cl.cam.ac.uk
University of Cambridge Computer Lab
Cambridge UK.
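The SPR's argument, as an added example that is not part of the original post or of Ultrix: a uid test in a non-setuid program beside the permission decision the kernel makes on the device node, and the access check with a helpful message that the SPR suggests. The function names, the root:operator ownership, the ids and the device path are constructed assumptions.

```c
/* Added illustration; names, ids and the device path are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* The test the SPR objects to. In a program that is not setuid it grants
   nothing; it only refuses callers the kernel would have let through. */
static int uid_gate(uid_t euid) { return euid == 0; }

/* The decision that actually protects the raw disk: classic Unix read
   permission on the device node (owner bits, else group bits, else other). */
static int mode_allows_read(mode_t mode, uid_t owner, gid_t group,
                            uid_t uid, const gid_t *gids, size_t ngids)
{
    if (uid == 0) return 1;
    if (uid == owner) return (mode & S_IRUSR) != 0;
    for (size_t i = 0; i < ngids; i++)
        if (gids[i] == group) return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* What the SPR suggests instead: try the device and report why it failed.
   Returns 0 on success, otherwise the errno from open(2). */
static int device_access_check(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void)
{
    /* Constructed case: partition node root:operator (gid 5), mode 0640;
       operator account uid 1001 with groups 100 and 5. */
    gid_t groups[] = { 100, 5 };
    printf("uid gate: %d, device permissions: %d\n",
           uid_gate(1001), mode_allows_read(0640, 0, 5, 1001, groups, 2));
    int err = device_access_check("/dev/rdisk-placeholder");
    printf("open: %s\n", err ? strerror(err) : "ok");
    return 0;
}
```

The operator is refused by the uid gate yet allowed by the device permissions, which is the case the SPR calls annoying; tightening the node to mode 0600 is what actually denies access.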