[687] in linux-security and linux-alert archive


Re: [linux-security] locate & updatedb

daemon@ATHENA.MIT.EDU (owner-linux-security@tarsier.cv.nr)
Mon Apr 29 13:25:33 1996

From: owner-linux-security@tarsier.cv.nrao.edu
To: jordy@lava.net (Jordy)
Date: Fri, 26 Apr 1996 17:25:42 +0200 (MDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.BSI.3.91.960425030831.18748B-100000@malasada.lava.net> from "Jordy" at Apr 25, 96 03:25:19 am

Hi!

Jordy wrote:
> I'm curious about locate and updatedb. From the standard installation of
> slackware 3.0, it looks like any user can pull up the contents of any
> directory they choose.
[...]
> I've noticed this problem for quite a while. updatedb is standard in the
> crontab of root, so it can enter any directories root can enter. An easy
> fix is to simply run it as another user, or disable locate altogether.

This is an old, known problem. If you really want to use locate/updatedb,
run updatedb from a *really* unprivileged uid.

Daniel

-- 
Daniel Roedding     daniel@fiction.pb.owl.de               INTJ
Padertown City      +49-5251-541965 voice, 541334 data     http://www.owl.de
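
An added example, not part of the original message or the archive: a Python audit that walks a tree the way a root-run updatedb would and reports the names a user holding only "other" permissions could not have listed, which is what the locate database discloses. It assumes plain POSIX mode bits (no ACLs) and treats directories above `root` as traversable; the function names and the sample tree are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

def world_can_list(directory, root):
    """True if a user with only 'other' permissions could list `directory`:
    o+r and o+x on it, and o+x on every ancestor up to and including `root`."""
    mode = os.stat(directory).st_mode
    if not (mode & stat.S_IROTH and mode & stat.S_IXOTH):
        return False
    d = directory
    while d != root:
        d = os.path.dirname(d)
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False
    return True

def exposed_names(root):
    """Walk `root` as the current (privileged) user and return every entry
    that an unprivileged user could not have enumerated on their own."""
    root = os.path.abspath(root)
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not world_can_list(dirpath, root):
            exposed.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    return sorted(exposed)

def build_sample_tree():
    """Constructed sample: public/ (0755), private/ (0700), private/sub/ (0755)."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    layout = (("public", 0o755, "public.txt"),
              ("private", 0o700, "private.txt"),
              (os.path.join("private", "sub"), 0o755, "deep.txt"))
    for rel, mode, fname in layout:
        d = os.path.join(root, rel)
        os.mkdir(d)
        open(os.path.join(d, fname), "w").close()
        os.chmod(d, mode)
    return root

if __name__ == "__main__":
    tree = build_sample_tree()
    for path in exposed_names(tree):
        print("would leak via locate:", os.path.relpath(path, tree))
    shutil.rmtree(tree)
```

Note that `private/sub/deep.txt` is reported even though `sub` itself is mode 0755: the 0700 parent blocks traversal for everyone except its owner and root.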


