Date: Thu, 09 Dec 1999 15:58:50 -0500 From: "Michael R. Wayne" <wayne@staff.msen.com> To: ports@freebsd.org Subject: Amanda 2.3.0 port Message-ID: <199912092058.PAA12602@manor.msen.com>
next in thread | raw e-mail | index | archive | help
This port sets the permissions wrong on runtar (other should be 0) causing a security hole. Any normal user can execute runtar which then runs tar as root with no restrictions so runtar -cf foo /etc/master.passwd will give peon user a copy of master.passwd. /\/\ \/\/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912092058.PAA12602>