Margot Miller wrote:
> You can say John and you can cay that he (comming from host "*" or
> "foo") is
> able to access the following files (using patterns). The main reason for
> thisis that rmt
> (the historical implementation) may be abused to read /etc/passwd but
> you may like to
> give John only the permission to access /dev/rmt/* on the tape server or
> /export/dumps/*
> on the intermediate disk storage server.
But if it's not setuid, and thus running as John, and executed by passing
it's pathname via rsh/ssh, what's to stop John from building his own rmt
without that restriction and having it specified as the argument for
rsh/ssh to run instead?
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
