Re: [Re: Amanda multiple vendor local root compromises]

[frank () KENT ANSTO GOV AU (Frank Crawford)]

On Nov 2,  1:43pm, Robert Watson wrote:
> Subject: Re: [Re: Amanda multiple vendor local root compromises]
...
> It should also be pointed out that the symlink bug described in the
> original post seems to be a bug in Amanda that is not platform-specific --
> I haven't seen any further comment on that, only on the package
> installation.  Has anyone verified that the amanda.debug file is created
> in such a way that a) it has a predictable name, and b) it follows
> symlinks?  Really, it should probably go in /var/run (or equiv directory
> on whatever OS), should be created using O_CREAT and O_EXCL, or should be
> created using mktemp.  Probably the first option is best.

I'll make a comment on that.  On our systems all the amanda temp files are now
created in a directory /tmp/amanda, which has access only to the amanda user
(i.e. 700).  This is for amanda ver 2.4.1p1, and was compiled locally
(unfortunately, not by me, so I don't know if there were any special options).
 I know that previous version did create such files in /tmp.

                                                                        Frank

--
Frank Crawford          Email:  frank () ansto gov au   Postal: PMB 1
Site Systems Manager    Phone:  +61 2 9717 3015                 Menai NSW 2234
ANSTO                   Fax:    +61 2 9717 9273                 Australia

PGP Fingerprint: (8BB1C821) 06 4F 35 82 1D D6 0E 56  9F AB B8 F7 67 AF 1A 9D