ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PASSWORDACCESS GENERATE - problem

1997-10-22 12:44:25
Subject: Re: PASSWORDACCESS GENERATE - problem
From: "Mark J. Cecil" <mjc AT WAYLOO.TCS.TULANE DOT EDU>
Date: Wed, 22 Oct 1997 11:44:25 -0500 
>
> This is not a limitation. When you put NODENAME in a UNIX dsm.opt file (or if
> you specify it on the command line, i.e. "dsmc -nodename=3Dwhatever"), you are
> indicating that you are a "virtual root user". You should be prompted for the
> password. If you know the password, then you will have access to all of  that
> node's versions. This is documented in "Using the UNIX Backup-Archive Clients"
> in the reference section describing the NODENAME option.
>
> If NODENAME is set in dsm.sys, you won't get a password prompt and you won't
> a virtual root user. This is a way of over-riding the default nodename, which
> is the machine name. If NODENAME is in dsm.opt, then you should be getting a
> password prompt.
>
> Andy Raibeck
> ADSM Level 2 Support

Actually, I came across this very type of thing recently, in trying to set
up a virtual node for archival and retrieval.  A huge pain in the neck.

My only comment on this is this:   Despite the fact that the behaviour is
documented, implicit rights based on WHERE apparently unrelated options
are set are insecure, unnatural, error prone, and difficult to trace.

I've seen some poor design decisions in ADSM that were merely inconvenient,
but this behaviour is a flat design *flaw*.  Security should mandate that
only the minimum rights (i.e. user-level stuff) be granted implicitly, and
that any rights in excess of that (i.e. root-level stuff) be requested and
authenticated EXPLICITLY.  And, the protocol for granting such rights should
be sufficiently robust as to prevent accidental granting of rights or acci-
dental denial of service (such as would happen if you placed the NODENAME
in the wrong file).

It would be nice to see a command line flag that enables/disables access
as a virtual-root-user, with an explicit password being required.

Mark

--
============== See me at http://www.Tulane.EDU/~mjc ======================
============== See me at http://www.Tulane.EDU/~mjc ======================
Mark Justin Cecil    |  Tulane University    | mjc AT mailhost.tcs.tulane DOT 
edu
Systems Programmer   |   Computing Services  |     cecil AT eecs.tulane DOT edu
(504) 865-5631 x 2535|    New Orleans, LA    |  http://www.Tulane.edu/~mjc
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  cartridge status, Dave Sanders
Next by Date:  Fast Ethernet, CISCO Catalyst Switches, and ADSM, Wayne Merchant
Previous by Thread:  Re: PASSWORDACCESS GENERATE - problem, Andrew Raibeck
Next by Thread:  Re: PASSWORDACCESS GENERATE - problem, Andrew Raibeck
Indexes:  [Date] [Thread] [Top] [All Lists]