Veritas-bu

[Veritas-bu] Unadvertised utility in Netbackup

2006-02-06 14:58:24
Subject: [Veritas-bu] Unadvertised utility in Netbackup
From: pkeating AT bank-banque-canada DOT ca (Paul Keating)
Date: Mon, 6 Feb 2006 14:58:24 -0500
--JqjN.432Mmtxge.n37en.3iSI30T
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----_=_NextPart_001_01C62B57.B007DEAB"
content-class: urn:content-classes:message

------_=_NextPart_001_01C62B57.B007DEAB
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

it's executable by root.
=20
keep unauthorized root out of your box...sleep well at night.
=20
yes, it's a security risk...yes, it can save your butt....yes, you can
shoot yourself in the foot with it...you can even blow your whole leg
off.
=20
anything you can do with bpgp, you can do with a creative backup and
restore.
=20
Paul

        -----Original Message-----
        From: veritas-bu-admin AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of Hampus
Lind
        Sent: February 6, 2006 2:13 PM
        To: veritas-bu AT mailman.eng.auburn DOT edu
        Subject: [Veritas-bu] Unadvertised utility in Netbackup
=09
=09

        Hi all,

        =20

        What are your comments to the bpgp utility, and others, in
netbackup? I understand that it sometimes are useful for backup admins,
my self included. But isen`t it also a great security risk? Does the use
of this utility get logged somewhere?=20

        =20

        Thanks and regards,

        MVH / Hampus Lind
        Rikspolisstyrelsen
        National Police Board
        Tel dir: +46 (0)8 - 401 99 43
        Tel mob: +46 (0)70 - 217 92 66
        E-mail: hampus.lind AT rps.police DOT se

        =20


------_=_NextPart_001_01C62B57.B007DEAB
Content-Type: text/html;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1170" name=3DGENERATOR>
<STYLE>@page Section1 {size: 595.3pt 841.9pt; margin: 70.85pt 70.85pt =
70.85pt 70.85pt; }
P.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.E-postmall17 {
        COLOR: windowtext; FONT-FAMILY: Arial
}
DIV.Section1 {
        page: Section1
}
</STYLE>
</HEAD>
<BODY lang=3DSV vLink=3Dpurple link=3Dblue>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =
size=3D2>it's=20
executable by root.</FONT></SPAN></DIV>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =

size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =
size=3D2>keep=20
unauthorized root out of your box...sleep well at =
night.</FONT></SPAN></DIV>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =

size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =
size=3D2>yes,=20
it's a security risk...yes, it can save your butt....yes, you can shoot =
yourself=20
in the foot with it...you can even blow your whole leg =
off.</FONT></SPAN></DIV>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =

size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =

size=3D2>anything you can do with bpgp, you can do with a creative =
backup and=20
restore.</FONT></SPAN></DIV>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =

size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D449305519-06022006><FONT face=3DArial color=3D#800000 =

size=3D2>Paul</FONT></SPAN></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #800000 2px =
solid; MARGIN-RIGHT: 0px">
  <DIV></DIV>
  <DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr =
align=3Dleft><FONT=20
  face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B>=20
  veritas-bu-admin AT mailman.eng.auburn DOT edu=20
  [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] <B>On Behalf Of =
</B>Hampus=20
  Lind<BR><B>Sent:</B> February 6, 2006 2:13 PM<BR><B>To:</B>=20
  veritas-bu AT mailman.eng.auburn DOT edu<BR><B>Subject:</B> [Veritas-bu] =
Unadvertised=20
  utility in Netbackup<BR><BR></FONT></DIV>
  <DIV class=3DSection1>
  <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
  style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hi =
all,</SPAN></FONT></P>
  <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
  style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT>&nbsp;</P>
  <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN lang=3DEN-GB=20
  style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">What are your comments =
to the bpgp=20
  utility, and others, in netbackup? I understand that it sometimes are =
useful=20
  for backup admins, my self included. But isen`t it also a great =
security risk?=20
  Does the use of this utility get logged somewhere? </SPAN></FONT></P>
  <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN lang=3DEN-GB=20
  style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT>&nbsp;</P>
  <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN lang=3DEN-GB=20
  style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks and=20
  regards,</SPAN></FONT></P>
  <P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
lang=3DEN-GB=20
  style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">MVH / =
Hampus=20
  Lind<BR>Rikspolisstyrelsen<BR>National Police Board<BR>Tel dir: +46 =
(0)8 - 401=20
  99 4</SPAN></FONT><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20
  style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">3<BR>Tel =
mob: +46=20
  (0)70 - 217 92 66<BR>E-mail: <A=20
  =
href=3D"mailto:hampus.lind AT rps.police DOT se">hampus.lind AT rps.police DOT 
se</A></=
SPAN></FONT></P>
  <P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN=20
  style=3D"FONT-SIZE: =
12pt"></SPAN></FONT>&nbsp;</P></DIV></BLOCKQUOTE></BODY></HTML>
=00
------_=_NextPart_001_01C62B57.B007DEAB--
--JqjN.432Mmtxge.n37en.3iSI30T
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

La version fran=C3=A7aise suit le texte anglais.

---------------------------------------------------------------------------=
---------

This email message from the Bank of Canada is given in good faith, and shal=
l not be
binding or construed as constituting any obligation on the part of the Bank.

This email may contain privileged and/or confidential information, and the =
Bank of
Canada does not waive any related rights. Any distribution, use, or copying=
 of this
email or the information it contains by other than the intended recipient is
unauthorized. If you received this email in error please delete it immediat=
ely from
your system and notify the sender promptly by email that you have done so.=20

Recipients are advised to apply their own virus checks to this message upon=
 receipt.

---------------------------------------------------------------------------=
---------

L'information communiqu=C3=A9e dans les courriels en provenance de la Banqu=
e du Canada
est soumise de bonne foi, mais elle ne saurait lier la Banque et ne doit au=
cunement
=C3=AAtre interpr=C3=A9t=C3=A9e comme constituant une obligation de sa part.

Le pr=C3=A9sent courriel peut contenir de l'information privil=C3=A9gi=C3=
=A9e ou confidentielle.
La Banque du Canada ne renonce pas aux droits qui s'y rapportent. Toute dif=
fusion,
utilisation ou copie de ce courriel ou des renseignements qu'il contient pa=
r une
personne autre que le ou les destinataires d=C3=A9sign=C3=A9s est interdite=
 Si vous recevez
ce courriel par erreur, veuillez le supprimer imm=C3=A9diatement et envoyer=
 sans d=C3=A9lai =C3=A0
l'exp=C3=A9diteur un message =C3=A9lectronique pour l'aviser que vous avez =
=C3=A9limin=C3=A9 de votre
ordinateur toute copie du courriel re=C3=A7u.

D=C3=A8s la r=C3=A9ception du pr=C3=A9sent message, le ou les destinataires=
 doivent activer leur
programme de d=C3=A9tection de virus pour =C3=A9viter toute contamination p=
ossible.

--JqjN.432Mmtxge.n37en.3iSI30T--