One of my student workers - who happens to be setting up Amanda,
recently came to me with a concern about how the backup/restore process
handles soft links.   I suspect that this is a non-issue in that Amanda
has already figured out a way to deal with this, but just in case...

Let's say a user creates a soft link in their home directory that points
to
/usr/bin, eg:

lrwxrwxrwx  1 cbarnes  barnes   15 July  1 13:35 mybin -> /usr/bin/

Then the backups of the home are run.

Then the user removes the softlink and creates a real directory with
that same name.

drwxr-xr-x  2 cbarnes  barnes 4096 Aug 18 17:23 mybin

and then puts a modified program into that directory:

drwxr-xr-x    2 cbarnes  barnes       4096 Aug 18 17:23 ./
drwxr-xr-x   13 cbarnes  cbarnes      4096 Aug 25 17:31 ../
-r-s--x--x    1 cbarnes  barnes       7667 Aug 18 17:26 passwd*

and backups are run again.


The concern is that when a restore is run, the softlink to the /usr/bin
directory will be recreated, then the file will be restored into that
directory, overwriting the file that is supposed to be there (ie.
creating a security issue).


1) Is this possible, or does Amanada already do something to prevent
this?
2) If it is possbile, are there any security considerations we need to
take into consideration when running backups or restore jobs?


--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes                                       AOL IM: CNBarnes
chris-barnes AT tamu DOT edu                            Yahoo IM: chrisnbarnes
Computer Systems Manager                               ph: 979-845-7801
Department of Physics                                 fax: 979-845-2590
Texas A&M University