Bugtraq mailing list archives
xbru vulnerability
From: amonk () GNUTEC COM (Kyle Amon)
Date: Sat, 8 Nov 1997 00:58:54 -0500
BRU (Backup and Recovery Utility) is a fairly commonly used commercial UNIX backup program available from EST, Inc. (Enhanced Software Technologies). They have a website at http://www.estinc.com and were instrumental in some of the recent FTAPE driver improvements for Linux. All in all it's a great program; however, they have added a new tcl/tk based GUI interface which installs with inappropriate permissions. Below is an abbreviated version of a conversation I recently had with them.

[me]
I recently bought bru (full version) for Linux. When xbru installs, it creates a /usr/local/lib/bru directory with mode 777. Is this mode required for some reason? Because, if not, it looks a little loose to me?
[est]
Yes, at the present time it does need to be 777. Bru does some work which requires that mode; however, I've turned this one over to our programming shop to look at a change to this in the future. Thank you for the inquiry.
[me]
Hmm. Doesn't that seem like a bad idea? What's to keep any of my users from mucking about in there? Nothing. And what about a tcl/tk proficient user? Since xbru would be run as root more often than not, what's to keep them from adding some nasties to the source? Nothing. It looks like a pretty major security hole to me.
[est]
I passed your message on to our engineering staff for future implementations and, about two minutes later, the senior member was in my office with concern written on his face :( It appears as though the program was NOT supposed to go out 777 -- rather 1777. That little sticky bit of a difference provides for the security of ownership. Thank you for bringing this to our attention. You can make the following change to your system as shown (assuming root login):

chmod 1777 /usr/local/lib/bru
- Kyle

Kyle Amon                     email: amonk () raleigh ibm com
Unix Systems Administrator    phone: (203) 486-3290
Security Specialist           pager: 1-800-759-8888 PIN 1616512
IBM Global Services              or 1616512 () skymail com (240 char max)

email: amonk () gnutec com
url: http://www.gnutec.com/kyle
KeyID 1024/173D96C9
Fingerprint = 90 4F 0B D4 2D 37 E7 61 1A 31 7B F2 72 04 66 1A

Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition.
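As an added defender-side example, not code from the post or from EST: a small Python audit that walks a directory tree and flags exactly the condition discussed above (a world-writable directory without the sticky bit), plus the case the 1777 fix does not cover (a world-writable file inside such a directory). The /usr/local/lib/bru path is the one named in the post; the demo tree and its file names are constructed for the example.

```python
"""Audit a directory tree for the permission slip described in the post:
a directory at mode 0777 that a root-run program loads code from."""
import os
import stat
import tempfile

# Path named in the post; used only if it exists on the machine running this.
XBRU_LIB_DIR = "/usr/local/lib/bru"


def classify(path):
    """Return a finding label for one path, or None if its mode looks fine."""
    mode = os.lstat(path).st_mode
    if stat.S_ISLNK(mode):
        return None  # symlink mode bits are meaningless; the target is checked on its own
    world_writable = bool(mode & stat.S_IWOTH)
    if stat.S_ISDIR(mode):
        if world_writable and not (mode & stat.S_ISVTX):
            # The 0777 case: anyone can create, delete or rename entries, so a
            # root-owned script can simply be replaced by another user.
            return "world-writable dir without sticky bit"
        if world_writable:
            # The 1777 case: others may still add files, but may only delete or
            # rename entries they own, so existing root-owned files stay put.
            return "world-writable dir (sticky bit set)"
        return None
    if world_writable:
        # The sticky bit on the parent does not help here: any user can edit
        # the file contents in place.
        return "world-writable file"
    return None


def audit_tree(root):
    """Walk root and collect (path, finding) pairs for every suspicious entry."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            finding = classify(path)
            if finding:
                findings.append((path, finding))
    return findings


def fix_directory(path):
    """Apply EST's remediation (chmod 1777) and return the resulting mode bits."""
    os.chmod(path, 0o1777)
    return stat.S_IMODE(os.stat(path).st_mode)


def make_demo_tree():
    """Constructed stand-in for a fresh install: lib dir at 0777, a script at 0644
    and a state file at 0666. Returns (base, lib_dir)."""
    base = tempfile.mkdtemp(prefix="xbru-demo-")
    lib = os.path.join(base, "bru")
    os.mkdir(lib)
    os.chmod(lib, 0o777)
    for name, mode in (("xbru.tcl", 0o644), ("xbru.state", 0o666)):
        p = os.path.join(lib, name)
        with open(p, "w") as f:
            f.write("# constructed placeholder\n")
        os.chmod(p, mode)
    return base, lib


if __name__ == "__main__":
    target = XBRU_LIB_DIR if os.path.isdir(XBRU_LIB_DIR) else make_demo_tree()[0]
    for path, finding in audit_tree(target):
        print(f"{finding}: {path}")
```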