I think you are correct. I also found that you cannot add the special
barcode rules <NONE> and <DEFAULT> through the GUI any more, as the angle
brackets upset the new filters on what is allowed in the CLI commands that
it creates.
William D L Brown
veritas-bu-bounces AT mailman.eng.auburn DOT edu wrote on 10/08/2009 16:50:12:
> I think i've found this out myself but it may be useful for people.
>
> I think its a security issue with the console running from remote as the
> admin gui invokes command line parameters when a policy is changing and
> various characters could be used by a non root user running the gui to
> do various things.
>
> I've manually added the keywords with bpplinfo Temp_manual -modify
> -keyword "<mseo ....</mseo>" and on a restart of the gui its appeared.
>
> Hopefully thats correct.
>
> I'm not entirely sure why xml tags could be security issues but i'm not
> in the know there.
> Cheers
>
> Dave Markham wrote:
> > To add i'm running the gui on the unix server and redirecting it back
> > with X11 through SSH to a terminal server running xming. This is due
to
> > another issue i have with the 6.5.4 remote admin gui not working on
> > windows :(
> >
> > Cheers
> >
> > Dave Markham wrote:
> >
> >> Guys i'm installing and configuring MSEO 6.1 on Netbackup 6.5.4 on
> >> Solaris 10 sparc.
> >>
> >> This is all on the same box so no separate media servers etc. The
> >> security server and agent for MSEO are both on the same box also.
> >> Communication is working fine.
> >>
> >> I'm still getting to grips with the policies within MSEO etc, but i'm
> >> just trying to use the default for now to test it works.
> >>
> >> I've converted the devices and done a backup with no keywords in the
> >> netbackup policy to test backups still work without encryption and
the
> >> security server is allowing the agent to work.
> >>
> >> Now when i put this in the Keyword phrase box of Netbackup gui its
> >> failing with the error below.
> >>
> >> trying to add
> >>
> >> <mseo>KeyType=aes256; Compress=lzrw3; </mseo>
> >>
> >> The error pop up i get is :-
> >>
> >> An error occurred while changing policy 'Temp_manual', status 509 Can
> >> not execute program.
> >>
> >> Looking in netbackup/logs/bpjava-susvc i see the following :-
> >>
> >> 16:27:15.175 [3170] <2> session_dispatch: fd = 10,
currentObj.currSocket
> >> = 10
> >> 16:27:15.176 [3170] <2> session_dispatch: tag = 118 =
RANDOM_KEY,lines = 1
> >> 16:27:15.176 [3170] <2> command_RANDOM_KEY: enableEncryption
> >> 16:27:15.178 [3170] <2> session_dispatch: fd = 10,
currentObj.currSocket
> >> = 10
> >> 16:27:15.178 [3170] <2> session_dispatch: tag = 1 = EXEC_RETURN,
lines = 1
> >> 16:27:15.178 [3170] <2> sanitary_mb_str: String
> >> ""/usr/openv/netbackup/bin/admincmd/bpgetconfig" -M xxxxx
> >> VM_PROXY_SERVER " is considered sanitary.
> >> 16:27:15.178 [3170] <2> command_EXEC: tag = EXEC_RETURN, lines read =
> >> 0, buffer = "/usr/openv/netbackup/bin/admincmd/bpgetconfig" -M
xxxxxxx
> >> VM_PROXY_SERVER
> >> 16:27:22.438 [3170] <2> session_dispatch: fd = 10,
currentObj.currSocket
> >> = 10
> >> 16:27:22.438 [3170] <2> session_dispatch: tag = 118 =
RANDOM_KEY,lines = 1
> >> 16:27:22.438 [3170] <2> command_RANDOM_KEY: enableEncryption
> >> 16:27:22.440 [3170] <2> session_dispatch: fd = 10,
currentObj.currSocket
> >> = 10
> >> 16:27:22.440 [3170] <2> session_dispatch: tag = 234 = BPPLINFO_CMD,
> >> lines = 2
> >> 16:27:22.441 [3170] <16> sanitary_mb_str: Found redirection in
attempt
> >> without proper path
> >> 16:27:22.441 [3170] <32> sanitary_mb_str: String
> >> "/usr/openv/netbackup/bin/admincmd/bpplinfo Temp_manual -modify
> >> -clienttype Standard -residence "*NULL*" -pool "Temp_manual"
-priority 0
> >> -generation 5 -classjobs 2147483647 -keyword "<mseo>KeyType=aes256;
> >> Compress=lzrw3; </mseo>" -data_class *NULL* -res_is_stl 0 -sg "*ANY*"
> >> -active -compress 0 -follownfs 0 -crossmp 0 -collect_tir_info 0
-rfile 0
> >> -encrypt 0 -blkincr 0 -granular_restore_info 0 -tzo 3600 -M xxxxx" is
> >> considered unsanitary.
> >> 16:27:22.441 [3170] <16> command_EXEC: Illegal command
> >>
> >>
> >> Anyone any ideas?
> >>
> >> Cheers
> >>
> >> P.S just putting any old word in the Keyword phrase works. Its as
though
> >> the MSEO tags are not liked.
> >>
> >> _______________________________________________
> >> Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
> >> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> >>
> >>
> >>
> >>
> >
> > _______________________________________________
> > Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
> > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> >
> >
> >
>
> _______________________________________________
> Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>
-----------------------------------------------------------
This e-mail was sent by GlaxoSmithKline Services Unlimited
(registered in England and Wales No. 1047315), which is a
member of the GlaxoSmithKline group of companies. The
registered address of GlaxoSmithKline Services Unlimited
is 980 Great West Road, Brentford, Middlesex TW8 9GS.
-----------------------------------------------------------
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|