How to identify setgid/setuid stuff:

root@Macropus:/# ls -la /usr/sbin/am* /usr/lib/amanda/* | grep rws
-rwsr-xr-- 1 root backup 18880 Jan 7 2014 /usr/lib/amanda/calcsize
-rwsr-xr-- 1 root backup 48288 Jan 7 2014 /usr/lib/amanda/dumper
-rwsr-xr-- 1 root backup 10528 Jan 7 2014 /usr/lib/amanda/killpgrp
-rwsr-xr-- 1 root backup 60536 Jan 7 2014 /usr/lib/amanda/planner
-rwsr-xr-- 1 root backup 10536 Jan 7 2014 /usr/lib/amanda/rundump
-rwsr-xr-- 1 root backup 10584 Jan 7 2014 /usr/lib/amanda/runtar
-rwsr-xr-- 1 root backup 60720 Jan 7 2014 /usr/sbin/amcheck

Look for the ‘s’ in the permissions. That denotes a file which is setuid or setgid, either of which will trigger Taint mode in a perl script. Most of the above are compiled binaries, but as they are running setuid, any perl scripts they call will also be setuid and thus perl’s taint mode will be active automatically, regardless of -T being in the hash-bang line or not.

Line 480 mentioned in your traceback has to do with deleting a directory in the virtual changer structure on disk. I haven’t peered at the code to see where the $drive variable is picking up a taint flag.

You can find more about this with ‘man perlsec’; there is good, if brief, discussion of taint mode and input de-tainting in that page, plus links to more detailed tutorials.

I’m running Amanda 3.3.3 on Ubuntu 14.04.02 and I’m not having any of these issues with perl v5.18.2.

From: [email protected] On Behalf Of Schlacta, Christ
Sent: Friday, March 20, 2015 19:54
Cc: amanda-users
Subject: Re: Recovering from test backup gives error: amidxtaped: critical (fatal): Insecure dependency in unlink while running setgid at /usr/local/share/perl/5.18.2/Amanda/Changer/disk.pm line 480.

I never set anything setgid. Something must be set setgid by Amanda during the install. Any ideas how to figure out what's setgid?

On Mar 20, 2015 4:41 PM, "Jean-Louis Martineau" <[email protected]> wrote:

What is setgid? There should be nothing setgid when running amrecover/amidxtaped.

Jean-Louis

On 03/20/2015 01:10 PM, Schlacta, Christ wrote:

So running an amrecover after following the 15 minute guide gives me a strange error, and I'm unable to recover.. summary: Add files to backup using amrecover, run extract. extract prompts me to load vtape, which I click yes.. loading vtape results in:

amrecover> extract
Extracting files using tape drive changer on host localhost.
The following tapes are needed: DailySet1-6
Extracting files using tape drive changer on host localhost.
Load tape DailySet1-6 now
Continue [?/Y/n/s/d]?
Got no header and data from server, check in amidxtaped.*.debug and amandad.*.debug files on server
amrecover> exit

After this, I check amandad.*.debug, and find absolutely nothing.. but in amidxtaped.*.debug, I get the following content:

Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: pid 24896 ruid 63998 euid 63998 version 3.3.6: start at Fri Mar 20 20:02:49 2015
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << FEATURES=ffffffff9efefbffffffffff3f
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << CONFIG=DailySet1
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << LABEL=DailySet1-6:1
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << FSF=1
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << HEADER
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << DEVICE=changer
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << HOST=^www01$
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << DISK=^/var/www$
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << DATESTAMP=20150320091506
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: CTL << END
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: pid 24896 ruid 63998 euid 63998 version 3.3.6: rename at Fri Mar 20 20:02:49 2015
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: chg-disk: Dir /var/backups/vtape/DailySet1/
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: chg-disk: Using statefile '/var/backups/vtape/DailySet1//state'
Fri Mar 20 20:02:49 2015: thd-0x19abc00: amidxtaped: critical (fatal): Insecure dependency in unlink while running setgid at /usr/local/share/perl/5.18.2/Amanda/Changer/disk.pm line 480.
amidxtaped: Insecure dependency in unlink while running setgid at /usr/local/share/perl/5.18.2/Amanda/Changer/disk.pm line 480.
/usr/lib/amanda/libamanda-3.3.6.so(+0x305e6)[0x7f78382945e6]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_logv+0x1b1)[0x7f7837fabae1]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_log+0x82)[0x7f7837fabd72]
/usr/local/share/perl/5.18.2/auto/Amanda/MainLoop/libMainLoop.so(+0x56d5)[0x7f783208b6d5]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x49703)[0x7f7837fa5703]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x135)[0x7f7837fa4ce5]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x49048)[0x7f7837fa5048]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_loop_run+0x6a)[0x7f7837fa530a]
/usr/local/share/perl/5.18.2/auto/Amanda/MainLoop/libMainLoop.so(run_c+0x11)[0x7f783208a5cd]
/usr/local/share/perl/5.18.2/auto/Amanda/MainLoop/libMainLoop.so(_wrap_run_c+0xf9)[0x7f783208ce75]
/usr/lib/libperl.so.5.18(Perl_pp_entersub+0x596)[0x7f7839710866]
/usr/lib/libperl.so.5.18(Perl_runops_standard+0x16)[0x7f7839708e86]
/usr/lib/libperl.so.5.18(perl_run+0x384)[0x7f78396a1844]
/usr/bin/perl(main+0x149)[0x400dd9]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f78392b3ec5]
/usr/bin/perl[0x400e11]

I tried downgrading from 3.3.7 to 3.3.6, with no joy. This is on an almost perfectly stock Ubuntu 14.04 install. The only variation from the quick start guide is that I've configured ssh authentication for amandabackup and local authentication for amrecover.
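
Added example, not part of the original thread: a shell helper for the question asked above, "how to figure out what's setgid". It uses find's -perm /6000 to match files with the setuid or setgid bit set and labels each hit; the function names are made up for this example, and the directories in the usage comment are the ones from the listing in the reply.

```shell
#!/bin/sh
# Added example: audit directories for setuid/setgid files.
# Function names are hypothetical; nothing here is Amanda's own code.

# Classify one file by its set-id bits using the POSIX test operators
# -u (setuid bit set) and -g (setgid bit set).
priv_kind() {
    if [ -u "$1" ] && [ -g "$1" ]; then
        echo "setuid+setgid"
    elif [ -u "$1" ]; then
        echo "setuid"
    elif [ -g "$1" ]; then
        echo "setgid"
    else
        echo "none"
    fi
}

# Print "<kind><TAB><path>" for every regular file under the given
# directories that has the setuid (4000) or setgid (2000) bit set.
# -perm /6000 matches when either bit is present, so setgid-only modes
# such as rwxr-sr-x are reported as well as rwsr-xr-x.
list_privileged() {
    for dir in "$@"; do
        # Skip paths that do not exist on this host.
        [ -d "$dir" ] || continue
        find "$dir" -type f -perm /6000 2>/dev/null | sort |
        while IFS= read -r f; do
            printf '%s\t%s\n' "$(priv_kind "$f")" "$f"
        done
    done
}

# Usage: sh this-script /usr/lib/amanda /usr/sbin
if [ "$#" -gt 0 ]; then
    list_privileged "$@"
fi
```

Any Perl script started by a file this reports runs with taint checks on, which is the condition behind the "Insecure dependency in unlink while running setgid" message in the debug log.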
