Margot Miller wrote: > You can say John and you can cay that he (comming from host "*" or > "foo") is > able to access the following files (using patterns). The main reason for > thisis that rmt > (the historical implementation) may be abused to read /etc/passwd but > you may like to > give John only the permission to access /dev/rmt/* on the tape server or > /export/dumps/* > on the intermediate disk storage server.
But if it's not setuid, and thus running as John, and executed by passing it's pathname via rsh/ssh, what's to stop John from building his own rmt without that restriction and having it specified as the argument for rsh/ssh to run instead? -- -Alan Coopersmith- alan.coopersmith at sun.com Sun Microsystems, Inc. - X Window System Engineering