grr@cbmvax.UUCP (George Robbins) (05/17/89)
The other day, I checked with the CSC people to see if there were any "known problems" that I should know about prior to installing Ultrix 3.0. Seems there is, nothing earthshaking, but some items you might need to know about. I'd post the info file from the tape, but I'm not sure what the exact deal is on that, so I'll leave to some brave DEC person: Problem areas: bindsetup, ultrixboot and TK70 for 6xxx systems shared memory segments, named pipes, lock deamon, nfs w/SunOS 4.x serial drivers, 86xx massbus tape, dump w/tu81 Some of the problems *can* cause panics or raise security issues. I just found an incredibly irritating DEC "feature" last night. It seems that they've put a check in dump so that only "root" is allowed to run it. This really hurts security, since now I have to let somebody log in as root to do dumps, where they can accidentally screw up all kinds of stuff. I'm getting tired of having to remove misspelled versions of "/dev/nrmt0h" from my /dev directory when somebody misses the tape and the dump trys to go to disk and fills up the root partition. The right check is of course the one implemented by default in the BSD dump command. If a disk parition is readable from the account runing dump, then you can do the dump, otherwise no. This means that I can have all of /dev/rhp* group readable by group "operator" so that the operator can do dumps and write to /etc/dumpdates, but otherwise has no special privleges/risks. If your raw disk paritions are readable by random users, you have more problems than whether or not people can run the dump command.... -- George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr but no way officially representing arpa: cbmvax!grr@uunet.uu.net Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)