[484] in linux-security and linux-alert archive
Re: Fwd: CERT Advisory CA-95:14 - Telnetd Environment Vulnerability
daemon@ATHENA.MIT.EDU (Joshua Cowan)
Fri Nov 10 14:14:35 1995
Date: Fri, 10 Nov 1995 01:48:34 -0600
From: Joshua Cowan <jcowan@jcowan.reslife.okstate.edu>
To: jacob@esisys.com (Jacob Langseth)
CC: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199511100223.VAA10682@gateway.esisys.com>
[Mod: Section regarding Jacob Langseth's mistaken post about the exit(1)
call in the syslog-capable login wrapper removed; Jacob has already
posted a retraction. --Jeff.]
JL> According to the manpages, updatedb executes as daemon by
JL> default (to preserve directory permissions). Unfortunately it
JL> fails to set its UID to daemon's before executing the find,
It only runs as `daemon' when searching network directories:
    --netuser=user
           The user to search network directories as, using
           su(1). Default is daemon.
This is the only place that running as daemon is mentioned in the man
page that comes with updatedb version 4.1.
JL> To have updatedb run as daemon:
JL> 1) relocate the updatedb command from root's cronjob to daemon's
JL> 2) chown -R daemon.daemon /var/spool/locate
This is correct, but beware if you generate a locate db for network
directories: the `su' in the updatedb script will most likely fail.
[Mod: The patch to 'updatedb' that I posted today takes this into
account; it does su's internally before each find (for both local and
NFS filesystems), and thus must be run as root. It also adds a second
option, "--locuser=user", which behaves exactly like the "--netuser"
option (though I default both to "nobody" vice "daemon"). --Jeff.]
--
Joshua Cowan <jcowan@hermit.reslife.okstate.edu> __| I don't want to listen
http://hermit.reslife.okstate.edu/~jcowan | but it's all too clear...
Computer Engineering Student -- Oklahoma State University -- Stillwater, OK
PGP key available from any PGP keyserver or by fingering the above address.
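
An added example (not the updatedb script and not the patch mentioned above) of the point made in this message: `su` to the scanning user only works when the caller is root, so a job moved to daemon's crontab has to run `find` directly and needs a writable database directory. The function names, the SCAN_DIR variable and the use of `su -s /bin/sh` are assumptions of this example.

```shell
#!/bin/sh
# Added example: choose how to run find as an unprivileged scanning user.

# find_mode TARGET CALLER_UID CALLER_NAME
# Prints "su"     when the caller is root and must drop to TARGET,
#        "direct" when the caller already is TARGET,
#        "refuse" when su would need a password (non-root, other user).
find_mode() {
    target=$1 uid=$2 name=$3
    if [ "$uid" -eq 0 ] && [ "$target" != "root" ]; then
        echo su
    elif [ "$name" = "$target" ]; then
        echo direct
    else
        echo refuse
    fi
}

# build_list TARGET DIR OUTFILE
# Writes the file list for DIR to OUTFILE, with find running as TARGET.
build_list() {
    target=$1 dir=$2 out=$3
    mode=$(find_mode "$target" "$(id -u)" "$(id -un)") || return 1
    case $mode in
        su)
            # Root's crontab: only find runs as TARGET; root writes OUTFILE.
            # The directory is passed in the environment, which su keeps
            # when no login shell is requested, to avoid quoting it.
            SCAN_DIR=$dir su -s /bin/sh "$target" \
                -c 'find "$SCAN_DIR" -print' > "$out" ;;
        direct)
            # TARGET's own crontab: the database directory must already
            # be writable by TARGET (the chown step quoted in the message).
            outdir=$(dirname "$out")
            [ -w "$outdir" ] || { echo "$outdir not writable" >&2; return 1; }
            find "$dir" -print > "$out" ;;
        *)
            echo "cannot su to $target without root" >&2
            return 1 ;;
    esac
}
```
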