More importantly, you could run a command as root on any box that is backed up by Arkeia. (I'm sure you already know this, but it wasn't completely clear in this e-mail). I forwarded your e-mail to the Arkeia userlist. It seems as though the moderators at Knox don't let these e-mails show up on their userlist though. I forwarded the last security issue that was talked about on bugtrack to the userlist serveral times, but it never appeared. Which doesn't make sense to me. > ##Implications > the password (effectively a root password) once you have access through > the gui, you have the possibility of running a command from the gui > before and after the backup job. This command is run as root and can be > anything. Therefore you have full access to the box to do with as you > please. -- Joe Glass Technical Support Services, Michigan State University phone: 517-355-4500 x240 e-mail: joeat_private
This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 10:31:51 PDT