[3864] in bugtraq
Re: Problem with default slackware crontabs
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Dec 24 22:16:33 1996
Date: Tue, 24 Dec 1996 21:31:54 -0500
Reply-To: Jared Mauch <jared@wolverine.hq.cic.net>
From: Jared Mauch <jared@wolverine.hq.cic.net>
X-To: jon@betterthan.northstar.k12.ak.us
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199612242343.OAA29471@betterthan.northstar.k12.ak.us> from Jon
Snyder at "Dec 24, 96 02:34:51 pm"
Updatedb is intended to be run as the "nobody" user, so you could
point symlinks and whatnot elsewhere in the different tmp locations,
and in a home directory (if your system has a home directory for
the nobody user).
This should be fixed by the folks at GNU. I've cc:ed them here.
- Jared
Jon Snyder graced my mailbox with this long sought knowledge:
> Using Slackware 3.0, I noticed a problem with the default root crontab. It
> runs updatedb at 7:40 a.m. every day, but unfortunately updatedb has a
> temporary file security problem--it doesn't check for symlinks (or if the
> file exists, for that matter). updatedb will write to /var/tmp (or
> /usr/tmp), and although the filename includes the PID of the shell the
> script is running under, a vulnerability still exists. I've taken updatedb
> out of my crontab, because locate is never used on my system. However, it
> might be wise to modify the script so as to prevent exploits from
> compromising your systems.
>
>
> Jon Snyder
> Student Network Technician, FNSBSD
> (907) 452-2000 x. 376
>
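Added example, not part of the original thread and not the updatedb script itself: the predictable PID-based temporary file pattern the post describes, beside two hardened forms, with a self-check that runs in a throwaway sandbox. The file name `updatedb.$$`, the function names and the sandbox layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the Slackware updatedb script). All names are illustrative.

# Pattern from the post: predictable name built from the shell PID, opened
# with a plain ">" that follows symlinks and truncates existing files.
write_predictable() {   # $1 = tmp dir, $2 = data
    printf '%s\n' "$2" > "$1/updatedb.$$"
}

# Same name, but noclobber (set -C) makes ">" fail if the path already exists,
# so a pre-existing file or symlink is refused instead of written through.
write_noclobber() {     # $1 = tmp dir, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1/updatedb.$$" ) 2>/dev/null
}

# Preferred: mktemp -d atomically creates a mode-0700 directory with an
# unpredictable name; other users cannot pre-create files inside it.
write_private() {       # $1 = tmp dir, $2 = data; prints the file path
    d=$(mktemp -d "$1/updatedb.XXXXXX") || return 1
    printf '%s\n' "$2" > "$d/list" || { rm -rf "$d"; return 1; }
    printf '%s\n' "$d/list"
}

# Self-check in a throwaway sandbox: a symlink already sits at the
# predictable name and points at a file that must not be modified.
check_patterns() {
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp"
    echo "keep me" > "$box/protected"
    ln -s "$box/protected" "$box/tmp/updatedb.$$"

    write_predictable "$box/tmp" "locate data"
    r1=$(cat "$box/protected")          # overwritten through the link

    echo "keep me" > "$box/protected"   # restore, then try the safe variants
    if write_noclobber "$box/tmp" "locate data"; then r2=written; else r2=refused; fi
    r3=failed
    out=$(write_private "$box/tmp" "locate data") && r3=$(cat "$out")
    r4=$(cat "$box/protected")          # untouched by the safe variants

    rm -rf "$box"
    printf '%s|%s|%s|%s\n' "$r1" "$r2" "$r3" "$r4"
}
```

For a job run from root's crontab, the private-directory form is the one to use; noclobber is the fallback where `mktemp` is not installed.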