Use of awk in bacula-dir.conf

Asked by Chip Williams

The default bacula-dir.conf of Ubuntu 8.10 (bacula 2.4.2) utilizes awk when doing a catalog backup to make ASCII and says it does so for security reasons. I did not see this in older deployed systems which seemed to simply copy the mysql database file. What is the security reason that led to awk being used?

  # This creates an ASCII copy of the catalog
  # WARNING!
  # Ubuntu uses make_catalog_backup_awk script for
  # security reasons
  # Replace <CatalogName> with the real Catalog name
  RunBeforeJob = "/usr/bin/awk -f /etc/bacula/scripts/make_catalog_backup_awk -v cat1=MyCatalog /etc/bacula/bacula-dir.conf"

Question information

Language:
English Edit question
Status:
Answered
For:
Bacula Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Kern Sibbald (kern) said :
#1

This is a Ubuntu packaging issue and not a Bacula project issue. If I remember right, they were doing it for security reasons because the user could potentially expose his DB password on the command line. We (the Bacula project) don't consider the security problems so serious as Ubuntu did, and their implementation is not portable. We have developed a portable solution for our next major release.

Concerning your question: please see with the Ubuntu packagers -- I believe it is under the Ubuntu project.

Can you help with this problem?

Provide an answer of your own, or ask Chip Williams for more information if necessary.

To post a message you must log in.