Re: [Re: Amanda multiple vendor local root compromises]

From: Alexandre Oliva (olivaat_private)
Date: Tue Nov 02 1999 - 03:53:16 PST

    On Nov  1, 1999, Brock Tellier <btellierat_private> wrote:
    
    > On my system (FreeBSD 3.3-RELEASE + amanda-2.4.1 package included on CD):
    
    > -rwsr-xr-x root/wheel
    
    > And thus ANY user, not just amanda/bin/operator can exploit runtar.
    > Obviously, from the replies I've received, this is an error in the package
    > installation, but I assure you that it was entirely automated by
    > /stand/sysinstall and not fooled with by me.
    
    Amanda strongly advises against the use of pre-compiled packages,
    because there are a couple of options hard-coded at build time, some
    of which have to do with the user and group authorized to make use of
    Amanda.  Nevertheless, many vendors insist on releasing such
    pre-compiled packages, often without documenting the options used to
    configure the executables, and users get immensely confused when they
    find some behavior that contradicts the default specified in the
    documentation :-(
    
    If you're a security-concerned system administrator, you'd better
    build Amanda yourself, so as to be sure to be able to customize all
    the general- and security-related options to your own needs.
    
    --
    Alexandre Oliva http://www.ic.unicamp.br/~oliva IC-Unicamp, Bra[sz]il
    oliva@{lsd.ic.unicamp.br,guarana.{org,com}} aoliva@{acm,computer}.org
    oliva@{gnu.org,kaffe.org,{egcs,sourceware}.cygnus.com,samba.org}
    ** I may forward mail about projects to mailing lists; please use them
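
A check an administrator could run on an installed setuid helper such as runtar, added here as an example; it is not part of the original message and not Amanda's own code. The function names and the `expected_gid` parameter are hypothetical, and treating the helper as something only its owner and one dedicated backup group should execute is an assumption drawn from the quoted "not just amanda/bin/operator".

```python
import os
import stat
import sys

# Position of each special bit within the nine permission characters.
SPECIAL = {2: (stat.S_ISUID, "s", "S"), 5: (stat.S_ISGID, "s", "S"),
           8: (stat.S_ISVTX, "t", "T")}

def mode_from_ls(text):
    """Turn an ls-style string such as '-rwsr-xr-x' into permission bits."""
    if len(text) != 10:
        raise ValueError("expected 10 characters, e.g. -rwsr-xr-x")
    mode = 0
    for i, ch in enumerate(text[1:]):
        bit = 0o400 >> i
        flag, lower, upper = SPECIAL.get(i, (0, None, None))
        if ch == "rwx"[i % 3]:
            mode |= bit
        elif ch == lower:          # special bit set, execute set
            mode |= bit | flag
        elif ch == upper:          # special bit set, execute clear
            mode |= flag
        elif ch != "-":
            raise ValueError("bad permission character %r" % ch)
    return mode

def findings(mode, uid, gid=None, expected_gid=None):
    """List the problems with a setuid-root helper's ownership and mode."""
    if not (mode & stat.S_ISUID) or uid != 0:
        return []                  # not setuid root: nothing to report here
    out = []
    if mode & stat.S_IXOTH:
        out.append("setuid root and executable by any local user")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        out.append("setuid root and writable by group or other")
    if expected_gid is not None and gid != expected_gid:
        out.append("group is not the expected backup group")
    return out

def audit(path, expected_gid=None):
    """Apply findings() to a file on disk without following symlinks."""
    st = os.lstat(path)
    return findings(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, expected_gid)

if __name__ == "__main__":
    # Usage: script.py /path/to/helper [more paths]
    for p in sys.argv[1:]:
        for problem in audit(p):
            print("%s: %s" % (p, problem))
```

Run against the mode quoted above (`-rwsr-xr-x`, owner root), `findings` reports the world-execute bit; a helper restricted to owner and group (`-rwsr-x---`) passes.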
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:26 PDT