Your message dated Tue, 20 Mar 2012 12:14:48 +0100 (CET)
with message-id <[email protected]>
and subject line no action taken
has caused the Debian Bug report #500364,
regarding Insecure use of /tmp/amanda/ dir ?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
500364: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500364
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: amanda
Severity: normal
Hello.
In the line of recent investigations on Debian package using /tmp in an
insecure way, I'm wondering if amanda wasn't missed in the search for such
packages.
I happen to have an (empty so far) directory /tmp/amanda/ created whenever I
start commands like amcheck.
I'm wondering if this is indeed very safe... maybe the files there are not
under a predictable name... but I seem to notice occurances of
/tmp/amanda/amandad.debug whenever googleing for /tmp/amanda.
The configure script seems to mention :
./configure: --with-tmpdir=/temp/dir area Amanda can use for temp files
[/tmp/amanda]
So maybe there's no point here, but I think some investigation may be needed.
Hope this helps,
Best regards.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Closing this bug with no further action taken. I don't believe there was ever
a problem, and there has been no further discussion since September of 2008,
at which time we were shipping a much older version of amanda in any case.
Bdale
--- End Message ---
