Bugtraq mailing list archives
Re: Amanda multiple vendor local root compromises
From: capveg () CS UMD EDU (Rob)
Date: Mon, 1 Nov 1999 19:24:09 -0500
Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls /usr/bin/tar and passes all args given to runtar to this program. Tar is
FWIW, runtar does not need to be suid root if the amanda user (defaults to user "amanda") has read access to the raw disks. This is typically accomplished by adding amanda to which ever group owns the disks. This doesn't fix the buffer overflow problem in tar, but it is a decent work around. Of course, it would be better if setuid root were not the default configuration:( - Rob .
Current thread:
- Amanda multiple vendor local root compromises Tellier, Brock (Oct 30)
- Re: Amanda multiple vendor local root compromises Ian Turner (Nov 01)
- Re: Amanda multiple vendor local root compromises Chris Tobkin (Nov 01)
- Re: Amanda multiple vendor local root compromises Bill Fumerola (Nov 01)
- Re: Amanda multiple vendor local root compromises monti (Nov 01)
- Re: Amanda multiple vendor local root compromises Rob (Nov 01)
- Unqualified Postings edi () GANYMED ORG (Nov 01)
- Re: Unqualified Postings v0rt (Nov 02)
- <Possible follow-ups>
- Re: Amanda multiple vendor local root compromises Alexandre Oliva (Nov 02)
- Re: Amanda multiple vendor local root compromises Alexandre Oliva (Nov 02)