Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: xbru vulnerability

Re: xbru vulnerability

Theo Van Dinter (felicityKLUGE.NET)
Sat, 8 Nov 1997 13:15:58 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Re: Intel Pentium Bug"
Previous message: Tim Scanlon: "Re: Major security flaw in Cybercash 2.1.2"
In reply to: Kyle Amon: "xbru vulnerability"

On Sat, 8 Nov 1997, Kyle Amon wrote:

| > It appears as though the program was NOT suppose to go out 777 -- rather
| > 1777.  That little sticky bit of a difference provides for the security of
| > ownership.  Thank you for bringing this to our attention.

Unless you want non-root users to do restores/backups, there's no problem in
making the perms non-world writeable.  My /usr/local/lib/bru directory is
775, works fine (as expected) from root.


--
Randomly Generated Tagline:
Just a hunch; Murphy was an optimist.

Next message: Aleph One: "Re: Intel Pentium Bug"
Previous message: Tim Scanlon: "Re: Major security flaw in Cybercash 2.1.2"
In reply to: Kyle Amon: "xbru vulnerability"