|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: BRU Vulnerability
From: Gavrie Philipson (gavrie
NETMOR.COM)Date: Thu Jun 08 2000 - 01:28:48 CDT
- Next message: http-equivexcite.com: "Re: MICROSOFT SECURITY FLAW?"
- Previous message: William R. Lorenz: "Password Generation during RH Linux 6.x Installation"
- In reply to: root: "BRU Vulnerability"
- Next in thread: Jeremy Rauch: "Re: BRU Vulnerability"
- Reply: Gavrie Philipson: "Re: BRU Vulnerability"
- Reply: Jeremy Rauch: "Re: BRU Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
root wrote:
> BRU backup software Vulnerability:
>
> Description:
> You can change the log file BRU uses by changing the
> BRUEXECLOG environment variable. Since bru is setuid
> root you can append to any file on the system.
Why, am I wondering, would a sane person install BRU with setuid
permissions?
That's like installing tar with setuid permissions and wondering about
overwritten files.
On my systems, BRU words fine without any setuid/setgid perms.
Gavrie.
-- Gavrie Philipson Netmor Applied Modeling Research Ltd.
- Next message: http-equivexcite.com: "Re: MICROSOFT SECURITY FLAW?"
- Previous message: William R. Lorenz: "Password Generation during RH Linux 6.x Installation"
- In reply to: root: "BRU Vulnerability"
- Next in thread: Jeremy Rauch: "Re: BRU Vulnerability"
- Reply: Gavrie Philipson: "Re: BRU Vulnerability"
- Reply: Jeremy Rauch: "Re: BRU Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]