Hello,

I am experimenting with adsmpipe for AIX with the
purpose of saving large objects (dozens of GB) directly
into ADSM tape storage.

I have found a security problem with adsmpipe:

If a file exists in ADSMPIPE storage that was created
by user A, and user B creates another file with the
same name, user A's file will silently be expired.

In other words, any user who has access to a copy of
the adsmpipe program (and has an account on my node)
can effectively overwrite any file in ADSMPIPE
storage provided they know the file name.

A user can only list (adsmpipe -t) their own files (I
hope), so I can choose a sufficiently secret file name
to make this event unlikely. Still, I'm a bit worried
by the observation that security is not enforced by
design.

Has anybody taken a closer look at the internals of
adsmpipe? Is it perceived to be OK to use adsmpipe for
production purposes?

Sincerely,   Michael Fink

P.S.
I understand the "unsupported" status of adsmpipe,
but I see no alternative to using it.

--
   Dr. Michael Fink +-----------------------------+------------------------
   Dr. Michael Fink +-----------------------------+------------------------
        EDV-Zentrum | Universitaet Innsbruck      | Tel: +43(512)507-2311
 Computing Services | Technikerstrasse 13         | FAX: +43(512)507-2944
--------------------+ A - 6020 Innsbruck, Austria | Michael.Fink AT uibk.ac DOT 
at
=========================================================================