[ http://www.rootshell.com/ ]

Date:         Wed, 21 Oct 1998 18:14:53 -0400
From:         joshua grubman <jg@FALSE.NET>
Subject:      solaris tape dev permission stupidity

hi,

this is rather silly and obvious, but i couldn't find anything in seaching
the old archives on geek-girl.com.

problem:

under solaris, scsi tape devices (/dev/rmt/*, which are linked to the
st@x,x: devs in /devices) are created with the permissions bits set to 666.
this allows a mallicious user with a login on your system to 'mt erase' the
contents of any tape devices connected to your system.

solution:

this is a tough one. i'll let you figure it out yourself.

~josh

---
josh grubman / http://false.net/~jg
"if you don't ask, i won't upset you"