Bugtraq mailing list archives
Re: slocate leaks filenames of protected directories
From: Dennis Jackson <dennis.jackson () ndirect co uk>
Date: Thu, 10 Jan 2007 18:28:17 +0000
Curious. This problem doesn't happen for me with version 2.7.

As root

# cd /root
# mkdir dir
# chmod 711 dir
# cd dir
# touch hiddenfile
# cd ..
# /usr/bin/slocate -c -u

As an ordinary user

$ ls -l /root/dir
/usr/bin/ls: /root/dir: Permission denied
$ slocate hiddenfile
$ slocate -V
Secure Locate 2.7 - Released January 24, 2003
$

Just to check the file really is there

$ ls -l /root/dir/hiddenfile
-rw-r--r-- 1 root root 0 Jan 10 18:14 /root/dir/hiddenfile
$

But as root

# slocate hiddenfile
/root/dir/hiddenfile
#

----- Original Message -----
From: steven () masterwebnet com <steven () masterwebnet com>
Sent: 10/01/2007 01:29:35
Subject: slocate leaks filenames of protected directories

* Version tested: 3.1

* Problem description:

slocate doesn't check readability bit of containing directory. It can divulge the existence of files in a directory that is unreadable (e.g. by the 'ls' command) by a user.

* Demonstration:

As user1:

$ cd /tmp
$ mkdir dir
$ chmod 711 dir
$ cd dir
$ touch "a-secret-file"
$ cd ..
$ updatedb -o db -U dir

As user2:

$ cd /tmp
$ ls dir
ls: .: Permission denied

But:

$ slocate -d db file
dir/a-secret-file