Bugtraq mailing list archives
Re: [Re: Amanda multiple vendor local root compromises]
From: frank () KENT ANSTO GOV AU (Frank Crawford)
Date: Thu, 4 Nov 1999 10:42:48 +1100
On Nov 2, 1:43pm, Robert Watson wrote:
Subject: Re: [Re: Amanda multiple vendor local root compromises]
...
> It should also be pointed out that the symlink bug described in the original post seems to be a bug in Amanda that is not platform-specific -- I haven't seen any further comment on that, only on the package installation. Has anyone verified that the amanda.debug file is created in such a way that a) it has a predictable name, and b) it follows symlinks? Really, it should probably go in /var/run (or equiv directory on whatever OS), should be created using O_CREAT and O_EXCL, or should be created using mktemp. Probably the first option is best.
I'll make a comment on that. On our systems all the amanda temp files are now created in a directory /tmp/amanda, which has access only to the amanda user (i.e. 700). This is for amanda ver 2.4.1p1, and was compiled locally (unfortunately, not by me, so I don't know if there were any special options). I know that previous version did create such files in /tmp.

Frank

--
Frank Crawford, Site Systems Manager, ANSTO
Email: frank () ansto gov au
Phone: +61 2 9717 3015
Fax: +61 2 9717 9273
Postal: PMB 1, Menai NSW 2234, Australia
PGP Fingerprint: (8BB1C821) 06 4F 35 82 1D D6 0E 56 9F AB B8 F7 67 AF 1A 9D
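The two mitigations raised in this message, a directory only the amanda user can access (mode 700) and creation with O_CREAT and O_EXCL, combined in C as an added example that is not Amanda's code and not part of the original post. The function names and the 0600 file mode are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: make sure `dir` exists, is a real directory (not a
 * symlink), belongs to the calling user and grants nothing to group/other.
 * Returns 0 if the directory can be trusted, -1 otherwise. */
int ensure_private_dir(const char *dir)
{
    struct stat st;

    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    if (lstat(dir, &st) != 0)            /* lstat: never follow a symlink */
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return -1;                       /* pre-created by someone else */
    if ((st.st_mode & 077) != 0)
        return -1;                       /* readable or writable by others */
    return 0;
}

/* Hypothetical helper: create dir/name for writing, refusing to reuse any
 * existing name. With O_CREAT|O_EXCL, open() fails with EEXIST when the name
 * already exists, including when it is a symlink (even a dangling one), so
 * nothing is ever written through a planted link. Returns an fd or -1. */
int create_debug_file(const char *dir, const char *name)
{
    char path[4096];
    int n;

    if (ensure_private_dir(dir) != 0)
        return -1;
    n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;                       /* path would be truncated */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}
```

A caller that gets -1 with errno set to EEXIST should treat the existing name as suspect rather than unlink it and retry blindly.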