Date: Thu, 08 Jun 2000 12:47:20 -0700 From: Tim Jones <tjones@estinc.com> To: letters@lwn.net Subject: BRU Security Exploit Posts As the development manager on the EST's BRU product, I would like to snuff out the small firestorm that has surfaced around our BRU product. First, we sincerely appreciate users for providing feedback and assisting in the evolution our products. EST's corporate servicemark of "Software You Can Trust," is based on our commitment to ensuring that our products are both secure and bug-free. This particular security issue is easily resolved as outlined in the SecurityFocus.com posting. To recap the fix, by simply removing the SUID bit on the /bin/bru and /bru/bru files, the potential exploit is totally closed. To un-SUID the BRU executables, issue the following commands as root: chmod 711 /bin/bru chmod 711 /bru/bru However, the slightly extremist stand that the permissions should be changed to 500 is not necessary, and could disable the product's usefulness for data backup by non-root users. BRU can live happily with permissions set to 511, or even 711 - as shown above, and remain secure while allowing users to properly backup files. The only reason for the root suid setting was to enable logfile write access by all BRU users. To enable logfile writes for non-root users after the SUID bit is cleared, simply set the permissions on the /var/log/bruexeclog file to 777, or add an environment variable to the users' login environment that assigns the BRUEXECLOG environment variable to a file to which the user has write permission. This issue does not exist in our new BRU 16.0 release as no files are installed SUID root. -- Tim Jones tjones@estinc.com Vice President http://www.estinc.com/ Enhanced Software Technologies, Inc. (602) 470-1115 "The BRU Guys"