Veritas-bu

Re: [Veritas-bu] sniff...bpgp is gone from 6.5

2008-01-22 13:37:16
Subject: Re: [Veritas-bu] sniff...bpgp is gone from 6.5
From: "Kevin Whittaker" <Kevin.Whittaker AT syniverse DOT com>
To: "Stump, Bob A" <Bob.A.Stump AT fnis DOT com>, <VERITAS-BU AT mailman.eng.auburn DOT edu>
Date: Tue, 22 Jan 2008 13:17:05 -0500
nope... that is gone. 

-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Stump,
Bob A
Sent: Tuesday, January 22, 2008 12:56 PM
To: VERITAS-BU AT mailman.eng.auburn DOT edu
Subject: Re: [Veritas-bu] sniff...bpgp is gone from 6.5

Somebody please check to see if bpdir still exists in NB 6.5


-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of cpreston
Sent: Tuesday, January 22, 2008 12:41 PM
To: VERITAS-BU AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] sniff...bpgp is gone from 6.5


I'm looking into whether or not this is true.  If it is, it's time for
an email campaign. 

Some see it as a security hole, and I think that's ridiculous.  Anybody
who is root/Administrator on a NetBackup master can push any file to any
client any time they want via a backup/restore command.  Removing bpgp
only makes it take a few minutes instead of a few seconds.

Other complaints about it over the years have been that it doesn't check
for like/like. You can overwrite a directory with a file if you tell it
to.  For example, the following command would be VERY BAD!

WRONGWAY# bpgp to client /etc/hosts /etc #DON'T DO THIS

While this would be perfectly valid syntax with copy, cp, rcp, mv, etc,
it is NOT proper syntax with bpgp.  The command above would overwrite
the /etc DIRECTORY with /etc/hosts, which, of course, would not be good
for your client.  (Some have even overwritten their root mount point.)
Perhaps they got too many calls from people that did just that.

Of course, about five lines of code could have fixed that problem.  It
doesn't allow you to copy a directory, but it doesn't check if what
you're copying to is a directory. A simple check that the target file is
or is not a directory would have sufficed.  If it was a directory, it
could just exit with error.  But they chose instead to just pretend the
command didn't exist.  It's not documented; there's not even a Usage
statement in the command itself, even if you do strings.  If you call
support and complain they tell you it's not supported.

+----------------------------------------------------------------------
|This was sent by cpreston AT glasshouse DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
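
The target-type check described in the original message, as an added C sketch. It is not bpgp or NetBackup code, and `check_target`, `safe_put` and the status names are hypothetical. It goes slightly beyond the text by also refusing symlinks and other non-regular targets, and by writing through a temporary file so that a target that changes after the check still cannot be clobbered.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes; none of these names come from NetBackup. */
enum put_status { PUT_OK = 0, PUT_DST_IS_DIR, PUT_DST_NOT_REGULAR, PUT_IO_ERROR };

/* Classify dst without following a symlink in its last path component. */
enum put_status check_target(const char *dst)
{
    struct stat st;
    if (lstat(dst, &st) != 0)
        return errno == ENOENT ? PUT_OK : PUT_IO_ERROR; /* absent: new file is fine */
    if (S_ISDIR(st.st_mode))
        return PUT_DST_IS_DIR;                          /* the "/etc/hosts /etc" case */
    return S_ISREG(st.st_mode) ? PUT_OK : PUT_DST_NOT_REGULAR;
}

/* Copy src over dst only if dst is absent or a regular file. */
enum put_status safe_put(const char *src, const char *dst)
{
    char tmp[4096], buf[8192];
    ssize_t n = 0;
    enum put_status st = check_target(dst);
    if (st != PUT_OK)
        return st;                           /* exit with an error, touch nothing */
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", dst) >= (int)sizeof tmp)
        return PUT_IO_ERROR;
    int in = open(src, O_RDONLY);
    int out = in < 0 ? -1 : mkstemp(tmp);    /* temp file beside dst, mode 0600 */
    int ok = out >= 0;
    while (ok && (n = read(in, buf, sizeof buf)) > 0)
        ok = write(out, buf, (size_t)n) == n;
    ok = ok && n == 0 && fsync(out) == 0;    /* n < 0 also catches a directory src */
    if (in >= 0) close(in);
    if (out >= 0) close(out);
    /* rename() will not replace a directory with a file, so a directory that
       appears after check_target() ran still cannot be overwritten. */
    if (ok && rename(tmp, dst) == 0)
        return PUT_OK;
    if (out >= 0) unlink(tmp);
    return PUT_IO_ERROR;
}
```

The installed file keeps the 0600 mode that `mkstemp` sets; a real tool would restore the intended owner and mode before the rename.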
