> Yes! Try BRU (Backup and Restore Utility) from est. It's not free, > but I've been burnt more than once by free backup/restore software. > My time, energy and certainly my data are worth the (fair) price for > this product. I've been using it on several different machines for > some time now and really like it. > > I've not yet tried the latest version (recently reviewed in Linux > Journal) but like what I'm using.
I have attached a security problem with the latest BRU I received from another lists below. Note [me] is not me and it is another person. ------------------------------------------------------------------------ [me] > I recently bought bru (full version) for Linux. When xbru installs, it > creates a /usr/local/lib/bru directory with mode 777. Is this mode > required for some reason? Because, if not, it looks a little loose to me? [est] > Yes, at the present time it does need to be 777. Bru does some work which > requires that mode; however, I've turned this one over to our programming shop > to look at a change to this in the future. Thank you for the inquiry. [me] > Hmm. Doesn't that seem like a bad idea? What's to keep any of my users > from mucking about in there? Nothing. And what about a tcl/tk proficient > user? Since xbru would be run as root more often than not, what's to keep > them from adding some nasties to the source? Nothing. It looks like a > pretty major security hole to me. [est] > I passed your message on to our engineering staff for future implementations > and, about two minutes later, the senior member was in my office with concern > written on his face :( > > It appears as though the program was NOT suppose to go out 777 -- rather > 1777. That little sticky bit of a difference provides for the security of > ownership. Thank you for bringing this to our attention. > > You can make the following change to your system as shown: > > chmod 1777 /usr/local/lib/bru (assuming root login) -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
