Security Problem and ADSM

Greetings.

I am running ADSTAR Distributed Storage Manager, SCO client, Version 2,
Release 1, Level 0.3 (PTF IP20678) under emulation using Linux iBCS.
Thank you to everyone who helped me get started with using Linux and ADSM.

I am currently testing the software, and seeing if it works properly.  I
don't (yet) have a server to connect to.  Right now I'm just playing
around.

As a regular user, I ran "dsm" and got the following:

  Script started on Mon May  6 20:35:07 1996
  cal:~> whoami
  nickkral
  cal:~> pwd
  /home/nickkral
  cal:~> ls -la *.log
  ls: No match.
  cal:~> dsm
  Warning: Cannot convert string "dos6x13" to type FontStruct
  cal:~> ls -la *.log
  -rw-r--r--   1 nickkral users         287 May  6 20:35 dsmerror.log
  cal:~> exit
  Script done on Mon May  6 20:35:52 1996

So I see it created a log file for me.

However, when I move to a different directory, a directory where I don't
have access to modify the files, it still creates the log file.

  Script started on Mon May  6 20:39:03 1996
  cal:~> cd /usr/lib/modules
  cal:/usr/lib/modules> ls -lad .
  drwxr-xr-x   2 root     root         1024 Feb  8 10:11 .
  cal:/usr/lib/modules> ls -lad *.log
  ls: No match.
  cal:/usr/lib/modules> whoami
  nickkral
  cal:/usr/lib/modules> dsm
  Warning: Cannot convert string "dos6x13" to type FontStruct
  cal:/usr/lib/modules> ls -lad *.log
  -rw-r--r--   1 nickkral users         287 May  6 20:40 dsmerror.log
  cal:/usr/lib/modules> rm dsmerror.log
  rm: remove `dsmerror.log'? y
  rm: dsmerror.log: Permission denied
  cal:/usr/lib/modules> exit
  Script done on Mon May  6 20:41:10 1996

Isn't this a bad security hole?  A normal user can create files anywhere
on the system.

Here are the contents of my /usr/adsm/dsm.sys and /usr/adsm/dsm.opt
files:

  ----- Begin /usr/adsm/dsm.sys -----
  SErvername  server_a
     COMMmethod         TCPip
     TCPPort            1600
     TCPServeraddress   backup.berkeley.edu
     NODename cal
     COMPress YES
     SCHedlogr 15,N
     SCHEDLOGNAME /var/log/dsmsched.log
  ----- End /usr/adsm/dsm.sys -----

  ----- Begin /usr/adsm/dsm.opt -----
  SErvername server_a
     *   Errorlogr 15,N
     TAPEPrompt ON
     domain /
  ----- End /usr/adsm/dsm.opt -----

I noticed in the /usr/adsm/README file there was a section titled "APARS
FIXED IN PTFS" which listed:

  ---------------------------------------------------
  PTF IP20678 - Version 2, Release 1, Level 0.3
  ---------------------------------------------------
  [deleted]
  IC12168 - The owner id of dsmerror.log should be the id of the
            real user who created dsmerror.log.
            Later appends should not change the owner and group.

This seems to be an extention of the same problem, and not really fixed.
In fact, if I remove the "*" from in front of the "Errorlogr 15,N" line,
it creates a file with owner root when run by a normal user!

Can someone confirm that this is a bug (or security hole!), and if so, are
there fixes available?  Is there anyway I can stop normal users from
creating files on the system, wherever they want to?

Take care,
-- Nick Kralevich
   nickkral AT cal.alumni.berkeley DOT edu
   nickkral AT cal.alumni.berkeley DOT edu