Re: permission probs with Arkeia

From: Daniel Wittenberg (daniel-wittenbergat_private)
Date: Mon Jul 23 2001 - 14:34:37 PDT

Next message: Emre Yildirim: "RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"

Previous message: Thomas Broniecki: "RE: permission probs with Arkeia"
Next in thread: Thomas Broniecki: "RE: permission probs with Arkeia"
Next in thread: Phil Stracchino: "Re: permission probs with Arkeia"
Reply: Thomas Broniecki: "RE: permission probs with Arkeia"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have seen this on at least 3 default-installs for arkeia.  One person as
over 1/4 million files, some 0 length, some not.  This is on RH 6.2, 2.2.17,
2.2.19, and 2.2.16.  So you have _no_ files with 666?  Have you done a find
for files in the /usr/knox with permissions of at least 666?  nlserved is
running as root, and root:root is who owns all the files in /usr/knox/*
Knox finally responded to me and told me they saw it as a known "oversight"
and it would be fixed in 5.0, some day, but they don't know when that will
be released.  I wouldn't consider that acceptable for a security patch.

Dan

=========================
Daniel Wittenberg
System Administrator
University of Iowa
http://dan.its.uiowa.edu

> From: "Thomas Broniecki" <tbat_private>
> Reply-To: <tbat_private>
> Date: Mon, 23 Jul 2001 14:59:55 -0500
> To: "'Daniel Wittenberg'" <daniel-wittenbergat_private>
> Subject: RE: permission probs with Arkeia
> 
> I'm running commercial version arkeia-server v4.2.8-2, arkeia-client
> v4.2.15-1 on RedHat 6.2 w/ kernel 2.2.19. NLSERVD is run by root and all my
> permissions are 755 in the /usr/knox/arkeia/dbase directory. I have not
> noticed a permissions issue with my backup server dbase file sets.
> 
> Check to see if NLSERVD is run by root. who is the owner and group of the
> directory dbase/?
> 
> tb.
> 
> 
> 
> -------------------------------------------------
> Thomas Broniecki
> IT Manager/Network Administrator
> Joslyn Art Museum
> http://www.joslyn.org
> 
> 
>> -----Original Message-----
>> From: Daniel Wittenberg [mailto:daniel-wittenbergat_private]
>> Sent: Monday, July 23, 2001 1:16 PM
>> To: bugtraqat_private
>> Subject: permission probs with Arkeia
>> 
>> 
>> While working with the commercial version of Arkeia backup software I
>> noticed it creates most of it's "database" files with the
>> permissions of
>> 666.  This was version 4.2.8-2 of the server, and I had
>> noticed this several
>> updates ago, so it's been going on for some time.  The
>> database files are
>> located in /usr/knox/arkeia/dbase.  I have tried resetting
>> the permissions
>> on the files, but they get reset again when backup runs
>> again.  I tried
>> contacting Knox Software but was told more than once that
>> basically I don't
>> have a support contract so they wouldn't talk to me - they
>> were warned.  I
>> wasn't able to find anything about this in their documentation.
>> 
>> Dan
>> 
>> =========================
>> Daniel Wittenberg
>> System Administrator
>> University of Iowa
>> http://dan.its.uiowa.edu
>

Next message: Emre Yildirim: "RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Previous message: Thomas Broniecki: "RE: permission probs with Arkeia"
Next in thread: Thomas Broniecki: "RE: permission probs with Arkeia"
Next in thread: Phil Stracchino: "Re: permission probs with Arkeia"
Reply: Thomas Broniecki: "RE: permission probs with Arkeia"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 11:54:07 PDT