I have tested this and I can read the contents of all database files as an unprivileged user in our ARKEIA servers. So if I can get all directory information from the ARKEIA backup trees, and I can get the filenames from the database files, then I can launch specific exploits to grab the files that I am interested in...dangerous, considering that most cracking takes place from within the company according to published stats. -Bryan Thomas Broniecki wrote: > > I'm running commercial version arkeia-server v4.2.8-2, arkeia-client > v4.2.15-1 on RedHat 6.2 w/ kernel 2.2.19. NLSERVD is run by root and all my > permissions are 755 in the /usr/knox/arkeia/dbase directory. I have not > noticed a permissions issue with my backup server dbase file sets. > > Check to see if NLSERVD is run by root. who is the owner and group of the > directory dbase/? > > tb. >
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 12:41:28 PDT