Re: slocate bug.

["Kurt Seifried" <bugtraq () seifried org>]

> On Fri, 15 Feb 2002, Kurt Seifried wrote:
>
> > [seifried@vomit seifried]$ ls -l /usr/bin/slocate
> > -rwxr-sr-x    1 root     slocate     25020 Jun 25  2001 /usr/bin/slocate
> >
> > I am group slocate. I can write to slocate binary. root runs slocate
(well,
> > locate, which is a link to slocate). I think that might be a problem.
>
> The group write permission bit isn't set on the slocate binary so you cant
> write to it, and if your using a binary to write over itself aren't you
> going to get a text file busy error?

Ack ergh sputter (brain burp, my bad!). Yes, unless the group write bit is
set it is not an issue (and that shouldn't happen). Just checked and none of
the files group slocate owns on Red Hat 7.2 are writeable, so that's good,
but I can't speak for other distros, so you should check: "find / -group
slocate -perm +0020", note that any symlinks owned by group slocate will
show up. Considering the number of errors vendors make on file permissions
it is certainly possible someone has a slocate binary writeable by group
slocate.

> -- larry

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html