Re: Amanda multiple vendor local root compromises

[billf () CHC-CHIMES COM (Bill Fumerola)]

On Mon, 1 Nov 1999, Chris Tobkin wrote:

> I doubt that this is OS specific in the installation, but all the installs
> of amanda i've seen (and have running here) have runtar suid root, but
> perm'd to 7450 (other can't exec it).  It may be part of the packages
> bundled with FreeBSD.. All of our builds are local compilations from
> source...  (In fact, all the suid binaries installed by a `make install`
> are perm'd o-rwx  and have a gid of sys or other) -- All I have for
> reference here are solaris and AIX machines.. can anyone else confirm?

[hawk-billf] /home/billf/cvswork > ls -l /usr/local/libexec/amanda/runtar
-rwsr-xr-x  1 root  wheel  3915 Oct 29 07:46 /usr/local/libexec/amanda/runtar

I'm not speaking on behalf of FreeBSD: The FreeBSD port does just use amanda's
build scheme and doesn't circumvent it. It also passes to configure:
                --with-user=operator --with-group=operator

I'll look into this, and I've cc:'d the maintainer of the port and the
FreeBSD security officer.

--
- bill fumerola - billf () chc-chimes com - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - bfumerol () computerhorizons com - billf () FreeBSD org  -