On Tue, Nov 16, 1999 at 10:43:11PM +0100, Gustav Schaffter wrote:
> Steve,
> 
> Thanks once again for your help. (It's not the first time. :-)
> 
> One thing, though. I haven't changed this myself. This must have been like
> this since the initial installation of RH6.
> 
> Is this a known 'glitch' in the RH6.0 installation or has something odd
> happened to my system?

I think it was one of those things where no one paid much attention to it
until someone figured out it was an exploit, so the people who maintain the
swapon utility decided to add that warning message to inform people of the
risk. (People in group 'disk' can vi /dev/hda9 and browse stuff in other
processes' virtual memory space).

What happens is that RH by default installs all of your disk partition
device nodes with 0660 permissions, so that people in group 'disk' can
manage your hard drives.  When these nodes are created during your
install, they don't know which partition(s) are going to be your swap
partition, so they have to chmod them later in the install after you've
identified which ones are swap partitions.

For whatever reason, this wasn't done on your machine.  It was probably an
oversight in the RH6.1 upgrade script.  AFAIK, none of the earlier
versions of RH even knew of the exploit.  Since, by default, only root is
a member of group disk, it's not a very big hole.

> P.S. I think a *small* light went up. All this stuff that 'in UNIX,
> everything is a file' can also be seen as that a device is a (virtual)
> file, right? As such, you can set permissions on it.

Right.  The kernel uses the permissions on the device node file to
determine access rights to that driver (and thus, indirectly, the hardware
itself).

-- 
Steve Borho
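
An audit for the situation described in the message above, where swap device nodes keep the installer's 0660 mode instead of being tightened afterwards. This is an added example, not part of the original post or of swapon; the function names `mode_string` and `check_swap_perms` are hypothetical, and the input is assumed to be in `/proc/swaps` format.

```shell
#!/bin/sh
# Added example: flag swap areas whose node is accessible to group or other.

# Print the 10-character type+permission string of a path, e.g. "brw-rw----".
# -L follows symlinks so the mode of the real node is reported.
mode_string() {
    ls -ldL -- "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# check_swap_perms [SWAPS_FILE]   (SWAPS_FILE defaults to /proc/swaps)
# Prints "EXPOSED <path> <mode>" for every swap area whose node grants any
# group or other permission bit. Returns 1 if any were found, else 0.
check_swap_perms() {
    swaps_file=${1:-/proc/swaps}
    exposed=0
    {
        # First line is the column header; an empty file has nothing to audit.
        read -r _header || return 0
        while read -r path _rest; do
            [ -n "$path" ] || continue
            perms=$(mode_string "$path")
            if [ -z "$perms" ]; then
                echo "SKIPPED $path (cannot stat)" >&2
                continue
            fi
            # Characters 5-10 are the group and other permission triplets.
            group_other=$(printf '%s\n' "$perms" | cut -c5-10)
            if [ "$group_other" != "------" ]; then
                echo "EXPOSED $path $perms"
                exposed=1
            fi
        done
    } < "$swaps_file"
    return "$exposed"
}

# Usage: check_swap_perms            # audits the running system's swap areas
```

Any path it reports can be tightened with chmod; swapon's own warning suggests mode 0600.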

