[22100] in bugtraq
Re: Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
daemon@ATHENA.MIT.EDU (Dylan Griffiths)
Fri Aug 3 00:24:13 2001
Message-ID: <3B69EB24.7DE3644B@bigfoot.com>
Date: Thu, 02 Aug 2001 18:07:00 -0600
From: Dylan Griffiths <Dylan_G@bigfoot.com>
MIME-Version: 1.0
To: Brian Smith <avalon73@arthurian.nu>
Cc: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Brian Smith wrote:
> It's apparently something that's changed in later versions of Slackware.
> Here's one from my machine, which was originally Slack3.5 (before going
> through several upgrades, of course):
>
> -rw-r--r-- 1 root root 740500 Aug 1 04:03 locatedb
This happened because:
# This updates the database for 'locate' every day:
40 04 * * * cd / ; updatedb 1> /dev/null 2> /dev/null
was moved from
/var/spool/cron/crontabs/root
to
/var/spool/cron/crontabs/nobody
Because, when run as root, everyone who ran GNU locate could see whatever
files root could see (such as other people's how directories).
I suggest you either upgrade Slackware to slocate (
http://www.geekreview.org/slocate/ ) which is safe to run as root since its
locate will check if you're allowed to see the files in shows, or assign
each subsystem its own UID (which is a good idea anyways :)).
Hopefully someone who con officially fix Slackware (Pat, Dave, Chris, etc)
can get a solid fix into the base distro.
--
www.kuro5hin.org -- technology and culture, from the trenches.
