bug-gnu-utils

Re: feature(?) in locate


From: Tim Mooney
Subject: Re: feature(?) in locate
Date: 3 Dec 2000 00:27:08 GMT

In article <address@hidden>,
Andrew Comech <address@hidden> wrote:
> 
> Hi,
> I was wondering whether the following is a bug or feature of locate:
> ========================================================
> Port:~$ ls /root
> ls: /root: Permission denied
> Port:~$ find /root -name *.* -print
> find: /root: Permission denied
> Port:~$ locate /root
> /root
> /root/.bashrc
> /root/.bash_history
> ..
> /root/user_peter_passwd_is_3cows7legs
> /root/my-boss-is-asshole.txt
> ========================================================
> Formally, this seems to be a security violation, although I have no 
> idea how this could be exploited. 

:-)  It's not a problem with locate, it's a problem with how you're
running updatedb.  It can't be directly exploited, but it does tend to
give out information that probably shouldn't be given out, and it might
make it slightly easier to use some *other* exploit (i.e. one that requires
you know the name of a file you would like to view from some directory
you don't have permissions on).

The idea is that you never run programs with more permissions than they
require.  You probably should consider running `updatedb' as `nobody'
or some other "no permissions" user.  That way it will not be able to
walk any directory a normal user couldn't, so it can't see any files
a normal user couldn't.  locate therefore won't be able to see those
files either, since it uses the database built by updatedb.

Some sites keep a "normal" database for use with locate, updated by
running updatedb as user nobody, and they also keep an "admins only"
database, which is generated by running updatedb as root.  This database
should have restrictive permissions (root:wheel, root:system, or
whatever, and probably modes 440).  locate allows you to select which
database to use at runtime, so the admins can run locate against a "full"
list of files, while normal users can only locate the files they can see.

An example of how we run updatedb:

# Build the locate database as the unprivileged user nobody.
if test -f /local/gnu/bin/updatedb ; then
        su - nobody -c '/local/gnu/bin/updatedb --prunepaths="/tmp /var/tmp /usr/tmp /proc /dev/fd /var/preserve" --output=/local/gnu/var/locatedb 2>/dev/null'
fi

Tim
-- 
Tim Mooney                              address@hidden
Information Technology Services         (701) 231-1076 (Voice)
Room 242-J1, IACC Building              (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
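
The following check is an added example, not part of the original message: it audits a list of paths (for instance the contents of the shared locate database) and reports entries whose names an ordinary user could not have discovered, which indicates updatedb was run with too much privilege. The function names and the optional stop-directory argument are assumptions of this example; it looks only at the "other" permission bits and ignores group membership and ACLs.

```shell
#!/bin/sh
# Added example. Feed it absolute paths, one per line, e.g.:
#   locate -d /local/gnu/var/locatedb / | hidden_from_others
# Run the audit as root so that every directory can be examined.
# Entries whose directory is gone or cannot be examined are reported too.

# has_mode DIR BITS: true if DIR's permission bits include all of BITS.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# hidden_from_others [STOP_DIR]
# Prints each input path that lies below a directory users in the
# "other" class cannot list or traverse. Walking up stops at STOP_DIR
# (default /), which itself is not checked.
hidden_from_others() {
    stop=${1:-/}
    while IFS= read -r path; do
        case $path in
            /*) ;;               # absolute path: audit it
            *)  continue ;;      # anything else: skip
        esac
        dir=$(dirname "$path")
        need=005                 # immediate parent: read + search
        while [ "$dir" != "$stop" ] && [ "$dir" != / ]; do
            if ! has_mode "$dir" "$need"; then
                printf '%s\n' "$path"
                break
            fi
            need=001             # higher ancestors: search only
            dir=$(dirname "$dir")
        done
    done
    return 0
}
```

Any output against the database that normal users can read means it holds names they should not see; the root-built "admins only" database is expected to produce output.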


