From owner-freebsd-ports Thu Dec 9 12:58:58 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from manor.msen.com (manor.msen.com [148.59.4.13])
    by hub.freebsd.org (Postfix) with ESMTP id AED4714C04
    for ; Thu, 9 Dec 1999 12:58:53 -0800 (PST)
    (envelope-from wayne@staff.msen.com)
Received: from manor.msen.com (LOCALHOST [127.0.0.1])
    by manor.msen.com (8.8.8/8.8.8) with ESMTP id PAA12602
    for ; Thu, 9 Dec 1999 15:58:50 -0500 (EST)
    (envelope-from wayne@manor.msen.com)
Message-Id: <199912092058.PAA12602@manor.msen.com>
To: ports@freebsd.org
Subject: Amanda 2.3.0 port
From: "Michael R. Wayne"
Date: Thu, 09 Dec 1999 15:58:50 -0500
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This port sets the permissions wrong on runtar (other should be 0),
causing a security hole. Any normal user can execute runtar, which
then runs tar as root with no restrictions, so

    runtar -cf foo /etc/master.passwd

will give peon user a copy of master.passwd.

/\/\
\/\/
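
A check for the condition reported above, as an added example that is not part of the original message or of the port: it lists set-uid files that still grant any permission to "other". The directory to audit and the function names are assumptions, since the message does not say where the port installs runtar.

```shell
#!/bin/sh
# Added example (not from the original message or the Amanda port).
# Flags set-uid files whose "other" permission bits are non-zero,
# which is the condition the message reports for runtar.
# Function names and the audited directory are hypothetical.

# Print every regular set-uid file under $1 that grants read, write
# or execute to "other". Only POSIX find primaries are used, so the
# check behaves the same with BSD find and GNU find.
world_accessible_setuid() {
    find "$1" -type f -perm -4000 \
        \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print
}

# Report findings for directory $1.
# Returns 0 when nothing is flagged, 1 when at least one file is.
audit_dir() {
    findings=$(world_accessible_setuid "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | while IFS= read -r f; do
        printf 'set-uid and open to other: %s\n' "$f"
    done
    return 1
}

# Constructed sample tree: three empty files standing in for helpers.
# Only the 4755 file should be listed; 4750 has other = 0 and the
# 0755 file is not set-uid.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/runtar-bad";  chmod 4755 "$d/runtar-bad"
    : > "$d/runtar-good"; chmod 4750 "$d/runtar-good"
    : > "$d/plain";       chmod 0755 "$d/plain"
    (cd "$d" && world_accessible_setuid .)
    rm -rf "$d"
}
```

The check does not look at file ownership, so on a real system the output should be read together with the owner and group of each listed file.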