bit-team/backintime

GitHub

github.com

backintime.readthedocs.io

Releases73

Frequency2 months 3 weeks

Last Release 4 months ago

Stars2.59K

A comfortable and well-configurable graphical Frontend for incremental backups, with a command-line version also available. Modified files are transferred, while unchanged files are linked to the new folder using rsync's hard link feature, saving storage space. Restoring is straightforward via file manager, command line or Back In Time itself.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2017-16667 ↗	Nov 8, 2017Wednesday, 8 November 2017, 18:29	—	9.3 HIGH
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
CVE-2017-7572 ↗	Apr 6, 2017Thursday, 6 April 2017, 18:59	—	9.3 HIGH
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.