Veritas-bu

[Veritas-bu] .SeCuRiTy.n files in / on Solaris

2003-03-03 10:54:21
Subject: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
From: ssesar AT mitre DOT org (Steven L. Sesar)
Date: Mon, 03 Mar 2003 10:54:21 -0500
Cord Beermann wrote:
> Hallo! Steven L. Sesar hat geschrieben:
> 
> [snip]
> 
> 
>>I am pretty P.O'd about this, as I spent the last hour or so tracking 
>>this down. I was minutes away from turning my disks over to Infosec.
> 
> 
> It's nice to know when you are not the only who tries to figure out
> how that /&§&%§"%& cracker hacked into the Backupserver. BTDT.
> including hyperventilating.
> 
> 
>>Can someone please tell me why the engineers at Veritas decided it was a 
>>great idea to write files that look suspiciously "warez-y" to /, 
>>nonetheless, and leave this little detail undocumented (at least, I 
>>can't find any reference to this)?
> 
> 
> It is somewhere in the archive of this mailinglist.

That's cool, but A) this list is not documentation and B) it's 
ridiculous that this $$$$$ product writes files like that, anyway.


> 
> 
>>In the event that any of you see this on your machines, what created 
>>them was a test restore of some NT files onto my master server. We were 
>>having a problem with a restore, so I decided to test the sanity of the 
>>image itself by restoring locally to my master server, which obviously 
>>worked.
> 
> 
> the .SeCuRiTy-Files contain some additional information of the
> access-rights.

I dunno:

[netbackup1]-/root# strings /.SeCuRiTy.94 

dxpP3P
dxpP
dxpP
dxpPI
dxpP3P
dxpP
dxpP
dxpPI
dxpP3P
dxpP
dxpP
dxpPI
dxpPj
dxpP
dxpP
dxpP3P
dxpP
dxpP
dxpPI
[netbackup1]-/root#

> 
> 
>>IMHO, this is shoddy and careless SW engineering, made even worse by 
>>lack of documentation this behavior.
> 
> 
> Yup. there are some more 'nice' features of this kind in it.
> 
> Cord


-- 
===================================

Steven L. Sesar
Ops. Sys. Programmer/Analyst, Sr.
Application Operations R10A
The MITRE Corporation
202 Burlington Road - R101
Bedford, MA 01730
tel: (781) 271-7702
fax: (781) 271-2600
email: ssesar AT mitre DOT org
mobile: (617) 893-9635

===================================