On Thursday 01 March 2007 21:13, Zeratul wrote:
> On Thu, 1 Mar 2007 18:27:12 +0100, Kern Sibbald wrote
>
> > On Thursday 01 March 2007 16:06, Zeratul wrote:
> > > On Wed, 28 Feb 2007 09:05:16 +0100, Kern Sibbald wrote
> > > ...
> > >
> > > > This is a bug. The jobid list should be filtered, and I see the code
> > > > does check the JobIds against the permitted Job names and complain if
> > > > it is not allowed. However, it simply continues rather than removing
> > > > the unauthorized jobid. I've attached a corrected version of
> > > > <bacula-source>/src/dird/ua_restore.c, which should fix the problem
> > > > of entering JobIds that are not authorized. I would appreciate
> > > > feedback whether or not it resolves that particular problem.
>
> I tried this version and it seems the problem was fixed. I wasn't able to
> select any other job id except the ones belonging to the client specified
> in the restricted console. Thank you.

Thanks for the feedback. If you find any more really bad security problems like that one, please let me know. A bug report is the best way, though your recent email hit me at *just* the right time.

Best regards,

Kern

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
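
The flaw discussed in this thread (the code checks each JobId against the permitted Job names and complains, but continues instead of removing the unauthorized JobId) is sketched below next to the filtering form. This is an added example, not Bacula's ua_restore.c and not code from the thread; the catalog, the ACL and every function name are hypothetical, and the sample data is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample catalog: JobId -> Job name (hypothetical data). */
struct job_rec { unsigned id; const char *name; };
static const struct job_rec catalog[] = {
    {101, "client-a-backup"}, {102, "client-b-backup"},
    {103, "client-a-backup"}, {104, "client-c-backup"},
};

/* Hypothetical ACL: Job names the restricted console may use. */
static const char *allowed_jobs[] = { "client-a-backup" };

static int job_allowed(unsigned id) {
    for (size_t i = 0; i < sizeof catalog / sizeof catalog[0]; i++) {
        if (catalog[i].id != id) continue;
        for (size_t j = 0; j < sizeof allowed_jobs / sizeof allowed_jobs[0]; j++)
            if (strcmp(catalog[i].name, allowed_jobs[j]) == 0) return 1;
        return 0;
    }
    return 0; /* unknown JobId: deny by default */
}

/* Flawed pattern: complains about the JobId but leaves it in the list. */
static size_t check_only(unsigned *ids, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!job_allowed(ids[i]))
            fprintf(stderr, "JobId %u not authorized\n", ids[i]);
    return n; /* every id, authorized or not, is still passed on */
}

/* Filtering pattern: compact the list in place, keeping permitted ids. */
static size_t filter_jobids(unsigned *ids, size_t n) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        if (job_allowed(ids[i]))
            ids[kept++] = ids[i];
        else
            fprintf(stderr, "JobId %u not authorized, removed\n", ids[i]);
    }
    return kept;
}

int main(void) {
    unsigned a[] = {101, 102, 103, 999}, b[] = {101, 102, 103, 999};
    printf("check only: %zu ids reach restore\n", check_only(a, 4));
    printf("filtered:   %zu ids reach restore\n", filter_jobids(b, 4));
    return 0;
}
```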