![[LWN Logo]](/images/lc.png) |
|
![[Timeline]](/images/Included.png) |
Date: Thu, 08 Jun 2000 12:47:20 -0700
From: Tim Jones <tjones@estinc.com>
To: letters@lwn.net
Subject: BRU Security Exploit Posts
As the development manager on the EST's BRU product, I would like to
snuff out the small firestorm that has surfaced around our BRU product.
First, we sincerely appreciate users for providing feedback and
assisting in the evolution our products. EST's corporate servicemark of
"Software You Can Trust," is based on our commitment to ensuring that
our products are both secure and bug-free. This particular security
issue is easily resolved as outlined in the SecurityFocus.com posting.
To recap the fix, by simply removing the SUID bit on the /bin/bru and
/bru/bru files, the potential exploit is totally closed. To un-SUID the
BRU executables, issue the following commands as root:
chmod 711 /bin/bru
chmod 711 /bru/bru
However, the slightly extremist stand that the permissions should be
changed to 500 is not necessary, and could disable the product's
usefulness for data backup by non-root users. BRU can live happily with
permissions set to 511, or even 711 - as shown above, and remain secure
while allowing users to properly backup files. The only reason for the
root suid setting was to enable logfile write access by all BRU users.
To enable logfile writes for non-root users after the SUID bit is
cleared, simply set the permissions on the /var/log/bruexeclog file to
777, or add an environment variable to the users' login environment that
assigns the BRUEXECLOG environment variable to a file to which the user
has write permission.
This issue does not exist in our new BRU 16.0 release as no files are
installed SUID root.
--
Tim Jones tjones@estinc.com
Vice President http://www.estinc.com/
Enhanced Software Technologies, Inc. (602) 470-1115
"The BRU Guys"