SecurityTracker.com
Category:   Application (Generic)  >   PC NetLink
Vendors:   Sun
Sun Solaris PC NetLink Software May Not Retain Access Control List Permissions When Restored After a Backup
SecurityTracker Alert ID:  1004800
SecurityTracker URL:  http://securitytracker.com/id/1004800
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Dec 2 2003
Original Entry Date:  Jul 19 2002
Impact:   Modification of system information
Vendor Confirmed:  Yes  
Version(s): 1.x
Description:   A vulnerability has been reported in Sun's PC NetLink. The access control list permissions may be lost after a backup has been restored.

According to the report, backing up and subsequently restoring PC NetLink shared files or directories may result in the PC NetLink access control list (ACL) information being lost and the default permissions being applied.

Sun reports that only backup products that support the handling of PC Netlink ACLs on the server will cause this problem. This includes VERITAS NetBackup, Legato NetWorker Server, Client, and Storage Node software, and Solstice Backup. Backup software that accesses files and directories through the PC Netlink shares (such as backup software running on PC Clients or PC Servers) reportedly does not cause the problem.

The vulnerability only affects UNIX files and directories within a PC Netlink share that meet the following conditions:

* are a symbolic link, or
* reside one or more levels below a symbolically linked directory, or
* reside on a share that itself is a symbolically linked directory.
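An added example, not part of the advisory or Sun's alert: a Python script that walks a share's UNIX directory on the server and lists every path matching one of the three conditions above, so those paths can be checked for lost ACLs after a restore. The share path is supplied by the operator; the demo tree and its names are constructed.

```python
import os
import sys
import tempfile

def audit_share(share_root):
    """Map each path under share_root to the advisory condition it meets."""
    findings = {}
    share_is_link = os.path.islink(share_root)

    def walk(directory, under_link, ancestors):
        real = os.path.realpath(directory)
        if real in ancestors:          # symlink loop: stop descending
            return
        try:
            names = sorted(os.listdir(directory))
        except OSError:                # unreadable directory
            return
        for name in names:
            path = os.path.join(directory, name)
            is_link = os.path.islink(path)
            if is_link:
                findings[path] = "is a symbolic link"
            elif under_link:
                findings[path] = "below a symbolically linked directory"
            elif share_is_link:
                findings[path] = "share is a symbolically linked directory"
            if os.path.isdir(path):    # isdir() follows symbolic links
                walk(path, under_link or is_link, ancestors | {real})

    walk(share_root, False, frozenset())
    return findings

def build_demo_tree(base):
    """Constructed sample layout; returns (share, link_to_share)."""
    share = os.path.join(base, "share")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(share, "docs"))
    os.makedirs(outside)
    for p in (os.path.join(share, "docs", "a.txt"), os.path.join(outside, "b.txt")):
        open(p, "w").close()
    os.symlink(outside, os.path.join(share, "linked"))
    os.symlink(share, os.path.join(base, "share_link"))
    return share, os.path.join(base, "share_link")

if __name__ == "__main__":
    roots = sys.argv[1:] or build_demo_tree(tempfile.mkdtemp())
    for root in roots:
        for path, reason in sorted(audit_share(root).items()):
            print(f"{path}: {reason}")
```

Run it with one or more share directories as arguments; with no arguments it audits the constructed demo tree.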

Impact:   The system may delete access control list permissions and instead apply the default permissions after an administrator has performed a backup restoration.
Solution:   According to Sun's report, a final resolution is pending completion. In the interim, Sun has provided the following workaround:

"As a possible workaround, should a PC Netlink shared file or directory be a symbolic link, always backup and later restore it together with the file or directory that the symbolic link points to (please check your backup product's documentation for more information).

Also, a full backup and later restore of all PC Netlink shared files, including symbolic links and the files or directories the symbolic links point to, together with the ACL database (held in "/var/opt/lanman/datafiles"), will not encounter the described issue.

Using backup software that accesses files and directories through the PC Netlink shares (typically backup software running on PC Clients or PC Servers) will also avoid the described issue.

Alternatively, do not use symbolically linked files or directories within PC Netlink shares to avoid the described issue.

Should permissions have been lost due to the described issue, they need to be restored either

* by directly restoring the complete ACL database (held in "/var/opt/lanman/datafiles") on the PC Netlink server from a backup copy, or

* by manually readjusting permissions using the "net perms" and "chacl" commands (please see the PC Netlink documentation for more details)"

Vendor URL:  sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert%2F27807
Cause:   State error
Underlying OS:  UNIX (Solaris - SunOS)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 2 2003 (Vendor Issues Fix) Sun Solaris PC NetLink Software May Not Retain Access Control List Permissions When Restored After a Backup
Sun has issued a fixed version.



 Source Message Contents

Subject:  Sun Alert 27807 PC Netlink


http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert%2F27807

Sun issued an Alert (27807) warning that the Sun PC Netlink's access
control list permissions may be lost after a backup has been restored.

According to the report, backing up and subsequently restoring "PC
Netlink" shared files or directories may result in the PC Netlink Access
Control List (ACL) information being lost and the default permissions
being applied.

PC Netlink 1.x for both SPARC and Intel platforms is affected.

Sun reports that only backup products that support the handling of PC
Netlink ACLs on the server will cause this problem.  This includes
VERITAS NetBackup, Legato NetWorker Server, Client, and Storage Node
software, and Solstice Backup.  Backup software that accesses files and
directories through the PC Netlink shares (such as backup software
running on PC Clients or PC Servers) reportedly does not cause the
problem.

The vulnerability only affects UNIX files and directories within a PC
Netlink share that meet the following conditions:

* are a symbolic link, or
* reside one or more levels below a symbolically linked directory, or
* reside on a share that itself is a symbolically linked directory.

Sun has provided the following workaround:

"As a possible workaround, should a PC Netlink shared file or directory
be a symbolic link, always backup and later restore it together with the
file or directory that the symbolic link points to (please check your
backup product's documentation for more information).

Also, a full backup and later restore of all PC Netlink shared files,
including symbolic links and the files or directories the symbolic links
point to, together with the ACL database (held in
"/var/opt/lanman/datafiles"), will not encounter the described issue.

Using backup software that accesses files and directories through the PC
Netlink shares (typically backup software running on PC Clients or PC
Servers) will also avoid the described issue.

Alternatively, do not use symbolically linked files or directories
within PC Netlink shares to avoid the described issue.

Should permissions have been lost due to the described issue, they need
to be restored either

* by directly restoring the complete ACL database (held in
"/var/opt/lanman/datafiles") on the PC Netlink server from a backup
copy, or

* by manually readjusting permissions using the "net perms" and
"chacl" commands (please see the PC Netlink documentation for more
details)"

According to Sun's report, a final resolution is pending completion.


* Avoidance: Workaround
* State: Committed
* Date Released: 07-Sep-2001


 
 

