Veritas-bu

[Veritas-bu] sniff...bpgp is gone from 6.5

2008-01-22 12:58:40
Subject: [Veritas-bu] sniff...bpgp is gone from 6.5
From: cpreston <netbackup-forum AT backupcentral DOT com>
To: VERITAS-BU AT mailman.eng.auburn DOT edu
Date: Tue, 22 Jan 2008 09:41:05 -0800
I'm looking into whether or not this is true.  If it is, it's time for an email 
campaign. 

Some see it as a security hole, and I think that's ridiculous.  Anybody who is 
root/Administrator on a NetBackup master can push any file to any client any 
time they want via a backup/restore command.  Removing bpgp only makes it take 
a few minutes instead of a few seconds.

Other complaints about it over the years have been that it doesn't check for 
like/like. You can overwrite a directory with a file if you tell it to.  For 
example, the following command would be VERY BAD!

WRONGWAY# bpgp to client /etc/hosts /etc #DON'T DO THIS

While this would be perfectly valid syntax with copy, cp, rcp, mv, etc, it is 
NOT proper syntax with bpgp.  The command above would overwrite the /etc 
DIRECTORY with /etc/hosts, which, of course, would not be good for your client.
(Some have even overwritten their root mount point.)  Perhaps they got too 
many calls from people that did just that.

Of course, about five lines of code could have fixed that problem.  It doesn't 
allow you to copy a directory, but it doesn't check if what you're copying to 
is a directory. A simple check that the target file is or is not a directory 
would have sufficed.  If it was a directory, it could just exit with error.  
But they chose instead to just pretend the command didn't exist.  It's not 
documented; there's not even a Usage statement in the command itself, even if 
you do strings.  If you call support and complain they tell you it's not 
supported.

+----------------------------------------------------------------------
|This was sent by cpreston AT glasshouse DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------
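
The like/like check described in the message above, as an added example that is not part of the original post and is not NetBackup code. safe_put and its return codes are hypothetical, and a local cp stands in for the push to a client, since bpgp's own syntax is undocumented.

```shell
#!/bin/sh
# Added example: refuse to replace a directory with a file before overwriting.
# safe_put is a hypothetical helper; the local cp stands in for the push to a client.
# Return codes (constructed for this example):
#   0 copied, 1 copy failed, 2 bad source, 3 bad target, 4 target's parent missing
safe_put() {
    src=$1
    dst=$2

    # Source must be one regular file; directories are not copied.
    if [ ! -f "$src" ]; then
        echo "safe_put: source '$src' is not a regular file" >&2
        return 2
    fi

    # -d follows symlinks, so a symlink that points at a directory is refused too.
    if [ -d "$dst" ]; then
        echo "safe_put: target '$dst' is a directory; name the file inside it" >&2
        return 3
    fi

    # An existing target must itself be a regular file (not a device, FIFO or socket).
    if [ -e "$dst" ] && [ ! -f "$dst" ]; then
        echo "safe_put: target '$dst' exists and is not a regular file" >&2
        return 3
    fi

    parent=$(dirname -- "$dst")
    if [ ! -d "$parent" ]; then
        echo "safe_put: directory '$parent' does not exist" >&2
        return 4
    fi

    # Copy beside the target, then rename: a failed copy never leaves a partial file.
    tmp=$(mktemp "$parent/.safe_put.XXXXXX") || return 1
    if cp -p -- "$src" "$tmp" && mv -f -- "$tmp" "$dst"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}
```

With this check, the WRONGWAY form above (file source, directory target) exits with code 3 and leaves the directory untouched; naming the file inside the directory as the target succeeds.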

