
Re: Are there any efficient backup programs for Linux?

> Yes!  Try BRU (Backup and Restore Utility) from est.  It's not free,
> but I've been burnt more than once by free backup/restore software.
> My time, energy and certainly my data are worth the (fair) price for
> this product.  I've been using it on several different machines for
> some time now and really like it.
> I've not yet tried the latest version (recently reviewed in Linux
> Journal) but like what I'm using.

I have attached a security problem with the latest BRU I received from
another list below.  Note [me] is not me and it is another person.


> I recently bought bru (full version) for Linux.  When xbru installs, it
> creates a /usr/local/lib/bru directory with mode 777.  Is this mode
> required for some reason?  Because, if not, it looks a little loose to me?

> Yes, at the present time it does need to be 777.  Bru does some work which
> requires that mode; however, I've turned this one over to our programming shop
> to look at a change to this in the future.  Thank you for the inquiry.

> Hmm.  Doesn't that seem like a bad idea?  What's to keep any of my users
> from mucking about in there?  Nothing.  And what about a tcl/tk proficient
> user?  Since xbru would be run as root more often than not, what's to keep
> them from adding some nasties to the source?  Nothing.  It looks like a
> pretty major security hole to me.

> I passed your message on to our engineering staff for future implementations
> and, about two minutes later, the senior member was in my office with concern
> written on his face :(
> It appears as though the program was NOT supposed to go out 777 -- rather
> 1777.  That little sticky bit of a difference provides for the security of
> ownership.  Thank you for bringing this to our attention.
> You can make the following change to your system as shown:
>        chmod 1777 /usr/local/lib/bru   (assuming root login)
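
An added example, not part of the thread and not BRU's own code: a small audit for a directory that holds scripts root will execute, telling the 777 and 1777 cases above apart. The sticky bit only restricts deleting or renaming other users' files, so a 1777 directory is still writable by everyone and is reported separately from a mode that is not world-writable. The function names are hypothetical and the demo directories are constructed.

```shell
#!/bin/sh
# Added example: audit a directory holding scripts that root executes.
# Function names are hypothetical; demo directories are constructed.

# classify_dir DIR -> missing | ok | sticky-world-writable | world-writable
classify_dir() {
    [ -d "$1" ] || { echo missing; return 0; }
    perms=$(ls -ld -- "$1" | cut -c1-10)          # e.g. drwxrwxrwt
    other_w=$(printf '%s' "$perms" | cut -c9)     # 'w' if others may write
    other_x=$(printf '%s' "$perms" | cut -c10)    # 't'/'T' if sticky bit set
    if [ "$other_w" != w ]; then
        echo ok
    elif [ "$other_x" = t ] || [ "$other_x" = T ]; then
        echo sticky-world-writable
    else
        echo world-writable
    fi
}

# loose_files DIR -> regular files below DIR that group or others can modify
loose_files() {
    find "$1" -type f \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null
}

# audit DIR -> short report; returns non-zero if anything needs attention
audit() {
    state=$(classify_dir "$1")
    loose=$(loose_files "$1")
    echo "$1: $state"
    [ -z "$loose" ] || printf 'writable by group/other:\n%s\n' "$loose"
    [ "$state" = ok ] && [ -z "$loose" ]
}

# Demo on constructed directories (not a real BRU install).
demo=$(mktemp -d)
mkdir "$demo/as_shipped" "$demo/vendor_fix" "$demo/root_only"
chmod 0777 "$demo/as_shipped"   # mode the installer created
chmod 1777 "$demo/vendor_fix"   # mode suggested in the reply above
chmod 0755 "$demo/root_only"    # not writable by group or others
for d in as_shipped vendor_fix root_only; do
    audit "$demo/$d" || true
done
rm -rf "$demo"
```

On an installed system, `audit /usr/local/lib/bru` applies the same check to the path named in the thread.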
