>Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls
>/usr/bin/tar and passes all args given to runtar to this program. Tar is
FWIW, runtar does not need to be suid root if the amanda user (defaults to
user "amanda") has read access to the raw disks. This is typically
accomplished
by adding amanda to which ever group owns the disks. This doesn't fix the
buffer overflow problem in tar, but it is a decent work around.
Of course, it would be better if setuid root were not the default
configuration :(
- Rob
.
