Bugtraq mailing list archives
Re: slocate leaks filenames of protected directories
From: Ben Wheeler <b.wheeler () ulcc ac uk>
Date: Fri, 12 Jan 2007 21:18:47 +0000
On Thu, Jan 11, 2007 at 12:50:49PM -0600, Dave Moore wrote:
chmod 711 dir sets permissions: drwx--x--x But for directories the x doesn't mean executable, it means searchable.
...
Or am I missing something?
You're missing what "searchable" means. It means you can cd into the directory and you can access files within the directory *if* you know their exact name (and have appropriate perms on those files) but you *cannot* list the directory's contents. Thus if slocate allows you to list the contents of such a directory just by specifying the name of the directory, or a single character of a file within the directory, it is laxer security than the directory permissions allow. Not the world's most pressing security problem, but a problem nonetheless. Ben
Current thread:
- slocate leaks filenames of protected directories steven (Jan 10)
- <Possible follow-ups>
- Re: slocate leaks filenames of protected directories Dennis Jackson (Jan 10)
- Re: slocate leaks filenames of protected directories Ben Wheeler (Jan 11)
- Re: slocate leaks filenames of protected directories Dave Moore (Jan 12)
- Re: slocate leaks filenames of protected directories Ben Wheeler (Jan 12)
- Re: slocate leaks filenames of protected directories Ben Wheeler (Jan 11)