Vulnerability Development mailing list archives

Re: slocate bug.

From: "Kurt Seifried" <bugtraq () seifried org>
Date: Fri, 15 Feb 2002 19:59:45 -0700

Hey there,

Ok just hold on:

What would be the advantages of exploiting something which would spawn the

"slocate" group privileges? Maybe browsing users' directories? No root
yet...

[seifried@vomit seifried]$ ls -l /usr/bin/slocate
-rwxr-sr-x    1 root     slocate     25020 Jun 25  2001 /usr/bin/slocate

I am group slocate. I can write to slocate binary. root runs slocate (well,
locate, which is a link to slocate). I think that might be a problem.

-- mips


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html

Current thread:

slocate bug. Ehud Tenenbaum (Feb 14)
- Re: slocate bug. KF (Feb 14)
  - Re: slocate bug. Rodrigo Barbosa (Feb 15)
    - Re: slocate bug. Guilherme Mesquita (Feb 15)
    - Re: slocate bug. Kurt Seifried (Feb 16)
    - Re: slocate bug. Larry W. Cashdollar (Feb 16)
    - Re: slocate bug. Kurt Seifried (Feb 16)
    - Re: slocate bug. Larry W. Cashdollar (Feb 16)
    - Re: slocate bug. Larry W. Cashdollar (Feb 17)
    - Re: slocate bug. Rodrigo Barbosa (Feb 21)
    - Re: slocate bug. Rodrigo Barbosa (Feb 21)
  - RE: slocate bug. John Adair (Feb 15)
- <Possible follow-ups>
- Re: slocate bug. jaytee () email it (Feb 14)
- Re: slocate bug. Wodahs Latigid (Feb 15)
  - Re: slocate bug. Rodrigo Barbosa (Feb 20)

(Thread continues...)