| Summary: | app-backup/burp-? - denied untrusted exec (due to file in group-writable directory) of /etc/burp/timer_script by /etc/burp/timer_script[burp:19803] | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Marcin Mirosław <bug> |
| Component: | Current packages | Assignee: | Amadeusz Żołnowski (RETIRED) <aidecoe> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | aidecoe, hardened |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Marcin Mirosław
2015-10-07 12:20:50 UTC
Is there something I can do to help fix the bug? Burp needs write access to this directory at least first time. The solution would be to move these scripts into different directory, e.g. somewhere in /usr/share or /usr/lib. The easiest way is set more narrow permissons of directory /etc/burp. Moving scripts to /usr/share is also good idea but I think it's something which can be done in burp-2.x. Didi you consider to add masked ebuild for burp 2.X to the tree? With protocol=1 should be faster than burp-1.x (as we saw recently, with protocol=2 we can have data corruption in backup). Burp needs this to be writeable. Easier would be to move these scripts out of /etc, actually. Wrt burp-2.0 - no until upstream consider it stable. There's no point having a masked ebuild in the tree. Fixed in burp-1.4.40-r3. I have moved scripts out of /etc. Permissions remain. Thank you. |
