Re: overwrite any file with updatedb

[bandregg () REDHAT COM (Bryan Andregg)]

On Sun, 1 Mar 1998 22:44:11 -0500, Cain wrote:

> If this is already known, my apologies. It seemed very strange that this
> worked, so I thought it would be mentionable.
>
> On many linux systems(Redhat imparticularly) updatedb is run nightly
> around 1:00. When it sorts the files that find gets, it creats a few files
> in /tmp called sort0<pid>000{1,2,etc}. Each is around 512k. The
> first file is created and filled, then if necassary, another is created
> and so on until it has your whole filesystem into a nice database. Well,
> once the first file is created you can easily guess what the next filename
> will be called as only the last character will change. If you create a
> link to say, the shadow password file, updatedb will kindly overwrite it
> for you. Ex:

It should be pointed out that on Red Hat 4.2 and 5.0 updatedb runs as user
nobody by default.

This is not a security issue unless you are running a distribution at least a
year old.

We will be checking for the proper use of temp files in the source also.

--
                Bryan C. Andregg * <bandregg () redhat com> * Red Hat Software

"Donnie were much more 'user-friendly'. May be you selective
       about friends:-)" -- Levente Farkas

"Hey, wait a minute, you clowns are on dope!"
        -- Owen Cheese in 'Shakes the Clown'