Bugtraq: Re: Amanda multiple vendor local root compromises

Re: Amanda multiple vendor local root compromises

From: Rob <capveg_at_CS.UMD.EDU>
Date: Mon, 1 Nov 1999 19:24:09 -0500

>Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls
>/usr/bin/tar and passes all args given to runtar to this program. Tar is

FWIW, runtar does not need to be suid root if the amanda user (defaults to
user "amanda") has read access to the raw disks. This is typically accomplished
by adding amanda to whichever group owns the disks. This doesn't fix the
buffer overflow problem in tar, but it is a decent workaround.

Of course, it would be better if setuid root were not the default
configuration :(

- Rob
Received on Nov 01 1999
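
One way to audit the workaround described in the message above, as an added example that is not part of the original post or of Amanda itself. The function names are hypothetical, and the runtar and disk device paths are caller-supplied assumptions because the post does not give them.

```shell
#!/bin/sh
# Added example: audit the workaround from the post. Paths are caller-supplied
# assumptions; the post does not say where runtar or the disk devices live.

# True if FILE has the setuid bit and is owned by uid 0.
is_setuid_root() {
    [ -u "$1" ] && [ "$(ls -ldnL "$1" | awk '{print $3}')" = "0" ]
}

# True if USER is in the group owning DEVICE and that group may read it.
can_read_via_group() {
    cg_line=$(ls -ldnL "$2" 2>/dev/null) || return 1
    cg_mode=$(printf '%s\n' "$cg_line" | awk '{print $1}')
    cg_gid=$(printf '%s\n' "$cg_line" | awk '{print $4}')
    case $cg_mode in
        ????r*) ;;            # 5th character of the mode is group-read
        *) return 1 ;;
    esac
    for cg_g in $(id -G "$1" 2>/dev/null); do
        [ "$cg_g" = "$cg_gid" ] && return 0
    done
    return 1
}

# 0: runtar is not setuid root
# 1: setuid root, but USER can already read DEVICE via its group, so the bit can go
# 2: setuid root, and USER lacks group read access to DEVICE
audit_runtar() {
    if ! is_setuid_root "$1"; then
        echo "OK: $1 is not setuid root"; return 0
    fi
    if can_read_via_group "$2" "$3"; then
        echo "FIXABLE: $2 can read $3 via group; setuid bit on $1 is unnecessary"
        return 1
    fi
    echo "BLOCKED: $2 has no group read access to $3; add it to the owning group first"
    return 2
}

# Usage (placeholders): audit_runtar /path/to/runtar amanda /dev/DISK
```

A return code of 1 means the setuid bit can be dropped without breaking backups; as the post notes, this does not address the tar overflow itself.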
