Solaris Tape Device Permissions Vulnerability

Solution:
The correct and recommended fix is to run bsmconv to turn on device allocation. This sets the permissions on all device files for removable media devices, such as tapes, to 0000. A user who wants to use a tape should then:

allocate st0

insert tape into drive

tar/ufs*/cpio/dd whatever

remove tape from drive

deallocate st0

The same applies to audio and CD devices, though the audio devices are better dealt with using /etc/logindevperm. If you are concerned about security on Solaris, you should always run bsmconv to turn on auditing and device allocation, and run ASET to ensure other permissions etc. are sorted out (/usr/aset/aset -l high -p).
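
A check for the state described above, as an added example that is not part of the original advisory: it lists device nodes whose permission bits are not 0000 and so can still be opened without going through allocate. The /dev/rmt default directory and the function name audit_dev_perms are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report removable-media device
# nodes that are still accessible without device allocation.
# Assumption: tape nodes live under /dev/rmt; pass another directory
# as the first argument to check a different device class.
#
# Usage: audit_dev_perms /dev/rmt

# Print "<perms> <path>" for every entry in the directory whose
# permission bits are not all clear.
# Returns 0 if every node is mode 0000, 1 otherwise.
audit_dev_perms() {
    dir=${1:-/dev/rmt}
    rc=0
    for node in "$dir"/*; do
        # Skip an unmatched glob (empty directory) or a dangling link.
        [ -e "$node" ] || continue
        # -L follows the /dev symlink so the real device node is checked.
        # Characters 2-10 of the ls mode field are the permission bits;
        # a trailing ACL marker, if any, is ignored.
        perms=$(ls -ldL "$node" | awk '{print substr($1, 2, 9)}')
        if [ "$perms" != "---------" ]; then
            echo "$perms $node"
            rc=1
        fi
    done
    return $rc
}
```

A non-zero return with output means at least one node is still readable or writable directly; a node that is currently allocated to a user will also appear here, since it does not have mode 0000.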



 

Copyright 2010, SecurityFocus