Re: Are there any efficient backup programs for Linux?
> Yes! Try BRU (Backup and Restore Utility) from est. It's not free,
> but I've been burnt more than once by free backup/restore software.
> My time, energy and certainly my data are worth the (fair) price for
> this product. I've been using it on several different machines for
> some time now and really like it.
>
> I've not yet tried the latest version (recently reviewed in Linux
> Journal) but like what I'm using.
I have attached a security problem with the latest BRU I received from
another lists below. Note [me] is not me and it is another person.
------------------------------------------------------------------------
[me]
> I recently bought bru (full version) for Linux. When xbru installs, it
> creates a /usr/local/lib/bru directory with mode 777. Is this mode
> required for some reason? Because, if not, it looks a little loose to me?
[est]
> Yes, at the present time it does need to be 777. Bru does some work which
> requires that mode; however, I've turned this one over to our programming shop
> to look at a change to this in the future. Thank you for the inquiry.
[me]
> Hmm. Doesn't that seem like a bad idea? What's to keep any of my users
> from mucking about in there? Nothing. And what about a tcl/tk proficient
> user? Since xbru would be run as root more often than not, what's to keep
> them from adding some nasties to the source? Nothing. It looks like a
> pretty major security hole to me.
[est]
> I passed your message on to our engineering staff for future implementations
> and, about two minutes later, the senior member was in my office with concern
> written on his face :(
>
> It appears as though the program was NOT suppose to go out 777 -- rather
> 1777. That little sticky bit of a difference provides for the security of
> ownership. Thank you for bringing this to our attention.
>
> You can make the following change to your system as shown:
>
> chmod 1777 /usr/local/lib/bru (assuming root login)
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: