grr@cbmvax.UUCP (George Robbins) (05/17/89)
The other day, I checked with the CSC people to see if there were
any "known problems" that I should know about prior to installing
Ultrix 3.0. Seems there is, nothing earthshaking, but some items
you might need to know about.
I'd post the info file from the tape, but I'm not sure what
the exact deal is on that, so I'll leave to some brave DEC person:
Problem areas:
bindsetup, ultrixboot and TK70 for 6xxx systems
shared memory segments, named pipes, lock deamon, nfs w/SunOS 4.x
serial drivers, 86xx massbus tape, dump w/tu81
Some of the problems *can* cause panics or raise security issues.
I just found an incredibly irritating DEC "feature" last night.
It seems that they've put a check in dump so that only "root" is
allowed to run it. This really hurts security, since now I have
to let somebody log in as root to do dumps, where they can
accidentally screw up all kinds of stuff. I'm getting tired of
having to remove misspelled versions of "/dev/nrmt0h" from my
/dev directory when somebody misses the tape and the dump trys
to go to disk and fills up the root partition.
The right check is of course the one implemented by default in the
BSD dump command. If a disk parition is readable from the account
runing dump, then you can do the dump, otherwise no. This means
that I can have all of /dev/rhp* group readable by group "operator"
so that the operator can do dumps and write to /etc/dumpdates,
but otherwise has no special privleges/risks. If your raw disk
paritions are readable by random users, you have more problems than
whether or not people can run the dump command....
--
George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr
but no way officially representing arpa: cbmvax!grr@uunet.uu.net
Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)