Subject: Re: BRU Vulnerability
From: Jeremy Rauch (jrauch SECURITYFOCUS.COM)
Date: Thu Jun 08 2000 - 16:05:26 CDT
- Next message: Bryan Paxton: "Mission statement for LKAP(Linux Kernel Auditing Project)"
- Previous message: Wojciech Purczynski: "Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5"
- In reply to: Gavrie Philipson: "Re: BRU Vulnerability"
- Next in thread: Theo Van Dinter: "Re: BRU Vulnerability"
- Reply: Jeremy Rauch: "Re: BRU Vulnerability"
- Reply: Theo Van Dinter: "Re: BRU Vulnerability"
On Thu, Jun 08, 2000 at 09:28:48AM +0300, Gavrie Philipson wrote:
> root wrote:
> > BRU backup software Vulnerability:
> >
> > Description:
> > You can change the log file BRU uses by changing the
> > BRUEXECLOG environment variable. Since bru is setuid
> > root you can append to any file on the system.
>
> Why, am I wondering, would a sane person install BRU with setuid
> permissions?
> That's like installing tar with setuid permissions and wondering about
> overwritten files.
>
> On my systems, BRU works fine without any setuid/setgid perms.
By default, BRU is installed setuid root. If it isn't, and is run by a
non-root user, it complains:
bru: [W171] warning - BRU must be owned by root and have suid bit set
Many (most) users who install BRU probably never think to check if it's
installed setuid. Should it be? Probably not, but it is a very real
vulnerability under a default install.
-j