ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: cmd, cmdfilename...

1998-10-13 14:14:09
Subject: Re: cmd, cmdfilename...
From: Kells Kearney <kells AT WINTERLAND.MAINLAND.AB DOT CA>
Date: Tue, 13 Oct 1998 12:14:09 -0600 
I have to agree with Tom, this is a problem.  While running the dsmadmc
command on a client machine, I was able to overwrite the /etc/hosts file
on the ADSM server.  The /etc/hosts file had/has permissions of 444...

  So, one easy way of telling whether or not ADSM should overwrite the
file is to check the file's permissions.  :)


kells


Tom Tann{s wrote:

> The problem here, as I see it, is that ANY administrator can issue these
> query-commands.
> We dont give the root-password or the system/unrestricted-privileges of
> adsm to everyone, for obvious reasons..
>
> But when an adsm-admin with no privileges at all can
> destroy the server with a few simple commands, I see this as a potential
> security problem..
>
> To issue the BACKUP VOLHISTORY and BACKUP DEVCONFIG-commands, you must
> have system privilege or unrestricted storage privilege.
>
> On Tue, 13 Oct 1998, Andrew Raibeck wrote:
>
> > Hello Tom,
> >
> > You are correct, the output will be written to the file
> > specified by the CMDFILENAME option. It is up to the
> > user running the command to avoid writing to the wrong
> > file.
> >
> > Of course if the user specifies the name of an existing
> > file that shouldn't be written over, it can cause
> > problems. However there is no way to tell ADSM which
> > files it can and which files it can not write over.
> > Allowing ADSM to writing only new files (as opposed to
> > writing over existing files) would be too
> > restrictive, as many users might want to write to the
> > same file on a daily basis.
> >
> > This behavior is no different than the FILENAMES option
> > available for the BACKUP VOLHISTORY and BACKUP
> > DEVCONFIG commands, or if you redirect the output of
> > your Admin QUERY commands, all of which go back to ADSM
> > Version 1.
> >
> > If you would rather not specify CMDFILENAME on the
> > QUERY DRMEDIA command, you can instead use the
> > SET DRMCMDFILENAME to establish the file name that
> > QUERY DRMEDIA will write to, then omit CMDFILENAME
> > on the QUERY DRMEDIA command.
> >
> > Best regards,
> >
> > Andy
> >
> > Andy Raibeck
> > IBM Storage Systems Division
> > ADSM Client Development
> > e-mail: storman AT us.ibm DOT com
> >
> > With the admin CLI on any client, any addsm-administrator can do the
> > following: (This is just an example on one stupid thing to do...)
> >
> > adsm> q drmedia f=cmd cmd='q libvol 3494 &vol' \
> > cmdfile=/usr/lpp/adsmserv/bin/adsmstart \
> > ANR6763I QUERY DRMEDIA: The specified command has been written to file
> > '/usr/lpp/adsmserv/bin/adsmstart'.
> >
> > Any file on the adsmserver can be overwritten whith these commands, as
> > long as they are not opened by other processes...
> >
> > Is this supposed to be a feature?
> > Or am I missing something here?
> >
> > (Current server: 3.1.2.0, AIX oslevel 4.2.0.0
> >  Admin CLI 2.1.0.4 (Aix)
> >
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: No Compaq Tape Drive support in ADSM !! anyone else have a need??, Donald W. Daniels/FFIC
Next by Date:  Re: cmd, cmdfilename..., Andrew Raibeck
Previous by Thread:  Re: cmd, cmdfilename..., Tom Tann{s
Next by Thread:  Re: cmd, cmdfilename..., Andrew Raibeck
Indexes:  [Date] [Thread] [Top] [All Lists]