[me]
> I recently bought bru (full version) for Linux. When xbru installs, it
> creates a /usr/local/lib/bru directory with mode 777. Is this mode
> required for some reason? Because, if not, it looks a little loose to me?
[est]
> Yes, at the present time it does need to be 777. Bru does some work which
> requires that mode; however, I've turned this one over to our programming shop
> to look at a change to this in the future. Thank you for the inquiry.
[me]
> Hmm. Doesn't that seem like a bad idea? What's to keep any of my users
> from mucking about in there? Nothing. And what about a tcl/tk proficient
> user? Since xbru would be run as root more often than not, what's to keep
> them from adding some nasties to the source? Nothing. It looks like a
> pretty major security hole to me.
[est]
> I passed your message on to our engineering staff for future implementations
> and, about two minutes later, the senior member was in my office with concern
> written on his face :(
>
> It appears as though the program was NOT suppose to go out 777 -- rather
> 1777. That little sticky bit of a difference provides for the security of
> ownership. Thank you for bringing this to our attention.
>
> You can make the following change to your system as shown:
>
> chmod 1777 /usr/local/lib/bru (assuming root login)
- Kyle
Kyle Amon email: amonk@raleigh.ibm.com
Unix Systems Administrator phone: (203) 486-3290
Security Specialist pager: 1-800-759-8888 PIN 1616512
IBM Global Services or 1616512@skymail.com (240 char max)
email: amonk@gnutec.com
url: http://www.gnutec.com/kyle
KeyID 1024/173D96C9
Fingerprint = 90 4F 0B D4 2D 37 E7 61 1A 31 7B F2 72 04 66 1A
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of an
8-bit operating system written for a 4-bit processor by a
2-bit company who cannot stand 1 bit of competition.