Greetings.
I am running ADSTAR Distributed Storage Manager, SCO client, Version 2,
Release 1, Level 0.3 (PTF IP20678) under emulation using Linux iBCS.
Thank you to everyone who helped me get started with using Linux and ADSM.
I am currently testing the software, and seeing if it works properly. I
don't (yet) have a server to connect to. Right now I'm just playing
around.
As a regular user, I ran "dsm" and got the following:
Script started on Mon May 6 20:35:07 1996
cal:~> whoami
nickkral
cal:~> pwd
/home/nickkral
cal:~> ls -la *.log
ls: No match.
cal:~> dsm
Warning: Cannot convert string "dos6x13" to type FontStruct
cal:~> ls -la *.log
-rw-r--r-- 1 nickkral users 287 May 6 20:35 dsmerror.log
cal:~> exit
Script done on Mon May 6 20:35:52 1996
So I see it created a log file for me.
However, when I move to a different directory, a directory where I don't
have access to modify the files, it still creates the log file.
Script started on Mon May 6 20:39:03 1996
cal:~> cd /usr/lib/modules
cal:/usr/lib/modules> ls -lad .
drwxr-xr-x 2 root root 1024 Feb 8 10:11 .
cal:/usr/lib/modules> ls -lad *.log
ls: No match.
cal:/usr/lib/modules> whoami
nickkral
cal:/usr/lib/modules> dsm
Warning: Cannot convert string "dos6x13" to type FontStruct
cal:/usr/lib/modules> ls -lad *.log
-rw-r--r-- 1 nickkral users 287 May 6 20:40 dsmerror.log
cal:/usr/lib/modules> rm dsmerror.log
rm: remove `dsmerror.log'? y
rm: dsmerror.log: Permission denied
cal:/usr/lib/modules> exit
Script done on Mon May 6 20:41:10 1996
Isn't this a bad security hole? A normal user can create files anywhere
on the system.
Here are the contents of my /usr/adsm/dsm.sys and /usr/adsm/dsm.opt
files:
----- Begin /usr/adsm/dsm.sys -----
SErvername server_a
COMMmethod TCPip
TCPPort 1600
TCPServeraddress backup.berkeley.edu
NODename cal
COMPress YES
SCHedlogr 15,N
SCHEDLOGNAME /var/log/dsmsched.log
----- End /usr/adsm/dsm.sys -----
----- Begin /usr/adsm/dsm.opt -----
SErvername server_a
* Errorlogr 15,N
TAPEPrompt ON
domain /
----- End /usr/adsm/dsm.opt -----
I noticed in the /usr/adsm/README file there was a section titled "APARS
FIXED IN PTFS" which listed:
---------------------------------------------------
PTF IP20678 - Version 2, Release 1, Level 0.3
---------------------------------------------------
[deleted]
IC12168 - The owner id of dsmerror.log should be the id of the
real user who created dsmerror.log.
Later appends should not change the owner and group.
This seems to be an extention of the same problem, and not really fixed.
In fact, if I remove the "*" from in front of the "Errorlogr 15,N" line,
it creates a file with owner root when run by a normal user!
Can someone confirm that this is a bug (or security hole!), and if so, are
there fixes available? Is there anyway I can stop normal users from
creating files on the system, wherever they want to?
Take care,
-- Nick Kralevich
nickkral AT cal.alumni.berkeley DOT edu
nickkral AT cal.alumni.berkeley DOT edu
|