Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

xbru vulnerability

From: amonk () GNUTEC COM (Kyle Amon)
Date: Sat, 8 Nov 1997 00:58:54 -0500

BRU (Backup and Recovery Utility) is a fairly commonly used commercial
UNIX backup program available from EST, Inc. (Enhanced Software Technologies).
They have a website at http://www.estinc.com and were instrumental in some
of the recent FTAPE driver improvements for Linux.  All in all it's a
great program, however they have added a new tcl/tk based GUI interface
which installs with inappropriate permissions.  Below is an abreviated
version of a conversation I recently had with them.

[me]

I recently bought bru (full version) for Linux.  When xbru installs, it
creates a /usr/local/lib/bru directory with mode 777.  Is this mode
required for some reason?  Because, if not, it looks a little loose to me?


[est]

Yes, at the present time it does need to be 777.  Bru does some work which
requires that mode; however, I've turned this one over to our programming shop
to look at a change to this in the future.  Thank you for the inquiry.


[me]

Hmm.  Doesn't that seem like a bad idea?  What's to keep any of my users
from mucking about in there?  Nothing.  And what about a tcl/tk proficient
user?  Since xbru would be run as root more often than not, what's to keep
them from adding some nasties to the source?  Nothing.  It looks like a
pretty major security hole to me.


[est]

I passed your message on to our engineering staff for future implementations
and, about two minutes later, the senior member was in my office with concern
written on his face :(

It appears as though the program was NOT suppose to go out 777 -- rather
1777.  That little sticky bit of a difference provides for the security of
ownership.  Thank you for bringing this to our attention.

You can make the following change to your system as shown:

       chmod 1777 /usr/local/lib/bru   (assuming root login)


- Kyle

Kyle Amon                     email: amonk () raleigh ibm com
Unix Systems Administrator    phone: (203) 486-3290
Security Specialist           pager: 1-800-759-8888 PIN 1616512
IBM Global Services                  or 1616512 () skymail com (240 char max)
                              email: amonk () gnutec com
                              url:   http://www.gnutec.com/kyle
KeyID 1024/173D96C9
Fingerprint = 90 4F 0B D4 2D 37 E7 61  1A 31 7B F2 72 04 66 1A

Windows 95:  A 32-bit patch for a 16-bit GUI shell running on top of an
             8-bit operating system written for a 4-bit processor by a
             2-bit company who cannot stand 1 bit of competition.
Previous By Date Next
Previous By Thread Next

Current thread: