Bugtraq mailing list archives
Re: [Re: Amanda multiple vendor local root compromises]
From: robert () CYRUS WATSON ORG (Robert Watson)
Date: Tue, 2 Nov 1999 13:43:00 -0500
On Mon, 1 Nov 1999, Peter Walker wrote:
I think it is fair to say that there is a problem with the amanda package as it is shipped on the FreeBSD 3.3 CD, rather than with the amanda backup system itself. It would be interesting to find out if any other "standard" os distributions have similar problems. Personally I would be very wary of entrusting the security of any of our systems to somebody else's packaging of a software package that by its nature requires unrestricted read access to all of my disks.
On the other hand, if you don't trust your OS with the contents of your disk, you're probably not going to install the OS. There is an equally strong argument that you should trust your OS vendor to adapt generally available packages for the local OS environment--often software developers write their software with a particular security architecture in mind (say, Linux or Solaris) which isn't quite the same as the local system (say, OpenBSD or FreeBSD). Installing SSH without vendor patches can often be a problem, as pointed out with the recent chflags-related bugs (where the SSH authors assumed that certain operations would always succeed). OS adaptation places some of the responsibility for security verification on the OS vendor or package developer, which seems appropriate, given that the OS vendor probably understands the OS best. That said, it's probably also best if the OS vendor submits patches back to the software developer, and that the software developer incorporates the patches. There have been a number of cases where the FreeBSD community has failed to submit patches on software back to the developer, so the developer never knew that these changes were required on FreeBSD. There have also been numerous cases where the changes *have* been submitted back, but have been ignored by the vendor. I don't know that Amanda falls into either case, but it is something to consider when judging the merit of even having a OS-specific package system :-). It should also be pointed out that the symlink bug described in the original post seems to be a bug in Amanda that is not platform-specific -- I haven't seen any further comment on that, only on the package installation. Has anyone verified that the amanda.debug file is created in such a way that a) it has a predictable name, and b) it follows symlinks? Really, it should probably go in /var/run (or equiv directory on whatever OS), should be created using O_CREAT and O_EXCL, or should be created using mktemp. Probably the first option is best. Robert N M Watson robert () fledge watson org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services
Current thread:
- Re: [Re: Amanda multiple vendor local root compromises] Brock Tellier (Nov 01)
- Re: [Re: Amanda multiple vendor local root compromises] Peter Walker (Nov 01)
- Re: [Re: Amanda multiple vendor local root compromises] Robert Watson (Nov 02)
- [debian] New version of nis released Aleph One (Nov 02)
- RFP9907: You, your servers, RDS, and thousands of script kiddies .rain.forest.puppy. (Nov 03)
- UnixWare 7's dtappgather Elias Levy (Nov 03)
- NeoPlanet Saves all emails in Plain text James J. Capone (Nov 03)
- hylafax-4.0.2 local exploit Tellier, Brock (Nov 03)
- IE 5.0 vulnerabilities using HTTP redirection Georgi Guninski (Nov 04)
- <Possible follow-ups>
- Re: [Re: Amanda multiple vendor local root compromises] Alexandre Oliva (Nov 02)
- Re: [Re: Amanda multiple vendor local root compromises] Bruce A. Mah (Nov 02)
- Re: [Re: Amanda multiple vendor local root compromises] Frank Crawford (Nov 03)
- Re: [Re: Amanda multiple vendor local root compromises] Alexandre Oliva (Nov 03)
- Re: [Re: Amanda multiple vendor local root compromises] Peter Walker (Nov 01)