Re: Are there any efficient backup programs for Linux?

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: Are there any efficient backup programs for Linux?
From: Lawrence <ychim@ForeverMail.com>
Date: Sun, 09 Nov 1997 04:39:15 +1100
Message-id: <3464A3C3.F94FA987@ForeverMail.com>
References: <m0xTru3-000IRLC@bertha.practical.net>

> Yes!  Try BRU (Backup and Restore Utility) from est.  It's not free,
> but I've been burnt more than once by free backup/restore software.
> My time, energy and certainly my data are worth the (fair) price for
> this product.  I've been using it on several different machines for
> some time now and really like it.
> 
> I've not yet tried the latest version (recently reviewed in Linux
> Journal) but like what I'm using.

I have attached a security problem with the latest BRU I received from
another lists below.  Note [me] is not me and it is another person.

------------------------------------------------------------------------

[me]
> I recently bought bru (full version) for Linux.  When xbru installs, it
> creates a /usr/local/lib/bru directory with mode 777.  Is this mode
> required for some reason?  Because, if not, it looks a little loose to me?

[est]
> Yes, at the present time it does need to be 777.  Bru does some work which
> requires that mode; however, I've turned this one over to our programming shop
> to look at a change to this in the future.  Thank you for the inquiry.

[me]
> Hmm.  Doesn't that seem like a bad idea?  What's to keep any of my users
> from mucking about in there?  Nothing.  And what about a tcl/tk proficient
> user?  Since xbru would be run as root more often than not, what's to keep
> them from adding some nasties to the source?  Nothing.  It looks like a
> pretty major security hole to me.

[est]
> I passed your message on to our engineering staff for future implementations
> and, about two minutes later, the senior member was in my office with concern
> written on his face :(
>
> It appears as though the program was NOT suppose to go out 777 -- rather
> 1777.  That little sticky bit of a difference provides for the security of
> ownership.  Thank you for bringing this to our attention.
>
> You can make the following change to your system as shown:
>
>        chmod 1777 /usr/local/lib/bru   (assuming root login)


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: Are there any efficient backup programs for Linux?
  - From: stick@richnet.net

Prev by Date: Re: Netscape and deep displays
Next by Date: Re: MTA Suggestion
Previous by thread: Re: Are there any efficient backup programs for Linux?
Next by thread: Laptop modem in need of psychiatric help.
Index(es):
- Date
- Thread