Date: Thu, 9 Dec 1999 21:07:24 +0000 From: Josef Karthauser <joe@pavilion.net> To: "Michael R. Wayne" <wayne@staff.msen.com> Cc: ports@FreeBSD.ORG Subject: Re: Amanda 2.3.0 port Message-ID: <19991209210724.P97382@florence.pavilion.net> In-Reply-To: <199912092058.PAA12602@manor.msen.com> References: <199912092058.PAA12602@manor.msen.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 09, 1999 at 03:58:50PM -0500, Michael R. Wayne wrote: > > This port sets the permissions wrong on runtar (other should be 0) > causing a security hole. Any normal user can execute runtar which > then runs tar as root with no restrictions > > so runtar -cf foo /etc/master.passwd will give peon user a copy > of master.passwd. > > /\/\ \/\/ You're running a way old version of amanda. You may wish to look at running: amanda-2.4.1 instead. Joe p.s. We're currently running SNAPSHOT_2_4_2_19990816, but not from the ports. We've been backing up using amanda since RELEASE_2_4_0_980222, with minimum trouble. (I currently backup about 20 servers, 10-30 gb a day ;). -- Josef Karthauser FreeBSD: How many times have you booted today? Technical Manager Viagra for your server (http://www.uk.freebsd.org) Pavilion Internet plc. [joe@pavilion.net, joe@uk.freebsd.org, joe@tao.org.uk] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991209210724.P97382>