[22066] in bugtraq
Re: Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
daemon@ATHENA.MIT.EDU (Josh Smith)
Wed Aug 1 17:44:12 2001
Date: Wed, 1 Aug 2001 16:04:17 -0400 (EDT)
From: Josh Smith <josh@viper.falcon-networks.com>
To: "Jeremy C. Reed" <reed@reedmedia.net>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <Pine.LNX.4.21.0108011137240.10725-100000@pilchuck.reedmedia.net>
Message-ID: <Pine.LNX.4.33.0108011551410.10958-100000@viper.falcon-networks.com>

In Slackware, it is constantly owned by nobody. However, even if
it is only owned by nobody for a certain period of time, it just creates
a race condition and is still "a problem."
>
> This doesn't say whether the locate database is always owned by nobody or
> just temporarily. (I am not at a Slackware box.) I am just curious, because
> some operating systems first create the database as nobody and then
> immediately change the ownership (via a weekly cron job for example).
>
> If it is just temporary, then I assume an exploit must be timed.
>
> But, if it is always owned by nobody, then that is a problem. Nothing should
> really be owned by "nobody" -- isn't that the purpose of the unprivileged
> user?