[21820] in bugtraq
Re: permission probs with Arkeia
daemon@ATHENA.MIT.EDU (Daniel Wittenberg)
Tue Jul 24 15:12:56 2001
Date: Mon, 23 Jul 2001 16:34:37 -0500
From: Daniel Wittenberg <daniel-wittenberg@uiowa.edu>
To: <bugtraq@securityfocus.com>
Message-ID: <B782029D.6FB%daniel-wittenberg@uiowa.edu>
In-Reply-To: <002101c113b2$0b967240$0700a8c0@joslyn.org>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
I have seen this on at least 3 default-installs for arkeia. One person as
over 1/4 million files, some 0 length, some not. This is on RH 6.2, 2.2.17,
2.2.19, and 2.2.16. So you have _no_ files with 666? Have you done a find
for files in the /usr/knox with permissions of at least 666? nlserved is
running as root, and root:root is who owns all the files in /usr/knox/*
Knox finally responded to me and told me they saw it as a known "oversight"
and it would be fixed in 5.0, some day, but they don't know when that will
be released. I wouldn't consider that acceptable for a security patch.
Dan
=========================
Daniel Wittenberg
System Administrator
University of Iowa
http://dan.its.uiowa.edu
> From: "Thomas Broniecki" <tb@joslyn.org>
> Reply-To: <tb@joslyn.org>
> Date: Mon, 23 Jul 2001 14:59:55 -0500
> To: "'Daniel Wittenberg'" <daniel-wittenberg@uiowa.edu>
> Subject: RE: permission probs with Arkeia
>
> I'm running commercial version arkeia-server v4.2.8-2, arkeia-client
> v4.2.15-1 on RedHat 6.2 w/ kernel 2.2.19. NLSERVD is run by root and all my
> permissions are 755 in the /usr/knox/arkeia/dbase directory. I have not
> noticed a permissions issue with my backup server dbase file sets.
>
> Check to see if NLSERVD is run by root. who is the owner and group of the
> directory dbase/?
>
> tb.
>
>
>
> -------------------------------------------------
> Thomas Broniecki
> IT Manager/Network Administrator
> Joslyn Art Museum
> http://www.joslyn.org
>
>
>> -----Original Message-----
>> From: Daniel Wittenberg [mailto:daniel-wittenberg@uiowa.edu]
>> Sent: Monday, July 23, 2001 1:16 PM
>> To: bugtraq@securityfocus.com
>> Subject: permission probs with Arkeia
>>
>>
>> While working with the commercial version of Arkeia backup software I
>> noticed it creates most of it's "database" files with the
>> permissions of
>> 666. This was version 4.2.8-2 of the server, and I had
>> noticed this several
>> updates ago, so it's been going on for some time. The
>> database files are
>> located in /usr/knox/arkeia/dbase. I have tried resetting
>> the permissions
>> on the files, but they get reset again when backup runs
>> again. I tried
>> contacting Knox Software but was told more than once that
>> basically I don't
>> have a support contract so they wouldn't talk to me - they
>> were warned. I
>> wasn't able to find anything about this in their documentation.
>>
>> Dan
>>
>> =========================
>> Daniel Wittenberg
>> System Administrator
>> University of Iowa
>> http://dan.its.uiowa.edu
>
