[21890] in bugtraq
RE: permission probs with Arkeia
daemon@ATHENA.MIT.EDU (Thomas Broniecki)
Thu Jul 26 17:54:17 2001
Reply-To: <tb@joslyn.org>
From: "Thomas Broniecki" <tb@joslyn.org>
To: <bugtraq@securityfocus.com>
Date: Wed, 25 Jul 2001 16:51:31 -0500
Message-ID: <000201c11553$f7af1540$0700a8c0@joslyn.org>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <3B5F0855.DBCCAAED@cyberdude.com>
Yup, the /usr/knox/arkeia/dbase is a directory tree structure for all the
backup routines, and I too can access files as a non-privileged user. I have
looked for actual file names in the dbase/ directory, but haven't found any
in plain text yet, although I could view my directory structures, library
information files, DAT pack information files, and master id number. Scary
for sure.
Nonetheless, if you have active non-privileged users on the backup server,
those permissions stink. There shouldn't be anyone viewing directory
information or anything else for that matter regarding backups. I don't
allow any other user on my backup server; no need to. Until Knox fixes this,
deny non-privileged users on the box if you can.
In any case, Knox needs to fix this issue. If anything, drastically limit
the access to only root or a privileged backup account.
tb.
> -----Original Message-----
> From: bwatson@www.nettracers.com [mailto:bwatson@www.nettracers.com]On
> Behalf Of Bryan K. Watson
> Sent: Wednesday, July 25, 2001 12:57 PM
> To: bugtraq@securityfocus.com
> Subject: Re: permission probs with Arkeia
>
>
> I have tested this and I can read the contents of all database files as
> an unprivileged user in our ARKEIA servers. So if I can get all
> directory information from the ARKEIA backup trees, and I can get the
> filenames from the database files, then I can launch specific exploits
> to grab the files that I am interested in... dangerous, considering that
> most cracking takes place from within the company according to published
> stats.
>
> -Bryan
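Added example, not code from either poster or from Knox/Arkeia: a POSIX shell audit of a backup catalogue tree for entries that group or other can read, followed by the tightening the thread recommends (owner-only access, so only root or a dedicated backup account can get in). The path /usr/knox/arkeia/dbase comes from the thread; the helper names, the sample tree and the file contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original posts. Audits a catalogue tree for
# entries readable by unprivileged users, then strips group/other access.
# Run it against the real tree as: audit_world_readable /usr/knox/arkeia/dbase

# List every file or directory under $1 that group or other can read.
audit_world_readable() {
    find "$1" \( -type f -o -type d \) \( -perm -g=r -o -perm -o=r \) 2>/dev/null
}

# Number of such entries (zero is the target state after hardening).
count_world_readable() {
    audit_world_readable "$1" | wc -l | tr -d ' '
}

# Remove all group/other bits from the tree. Directories lose 'x' as well,
# so a non-privileged user cannot traverse them even knowing a file name.
restrict_to_owner() {
    chmod -R go-rwx "$1"
}

# Constructed sample tree standing in for /usr/knox/arkeia/dbase: two
# subdirectories and two world-readable files, the weak state the thread
# describes (directory names and contents are hypothetical).
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/library" "$d/tapes"
    printf 'hypothetical library information\n' > "$d/library/info.txt"
    printf 'hypothetical DAT pack information\n' > "$d/tapes/pack.txt"
    chmod 755 "$d" "$d/library" "$d/tapes"
    chmod 644 "$d/library/info.txt" "$d/tapes/pack.txt"
    printf '%s\n' "$d"
}

# Stand-alone run: show the weak state, harden, show the result.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    sample=$(make_sample_tree)
    echo "before: $(count_world_readable "$sample") world-readable entries"
    restrict_to_owner "$sample"
    echo "after:  $(count_world_readable "$sample") world-readable entries"
    rm -rf "$sample"
fi
```

The audit looks only at mode bits, so run it as the backup owner or root; a file a non-privileged user can read through a lax parent directory still shows up because the parent itself is listed.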