Vulnerability Development mailing list archives
Re: slocate bug.
From: "Larry W. Cashdollar" <lwc () vapid dhs org>
Date: Sat, 16 Feb 2002 18:31:42 -0500 (EST)
Kurt Seifried wrote:
Ack ergh sputter (brain burp, my bad!). Yes, unless the group write bit is set it is not an issue (and that shouldn't happen). Just checked and none of the files group slocate owns on Red Hat 7.2 are writeable, so that's good, but I can't speak for other distros, so you should check: "find / -group slocate -perm +0020", note that any symlinks owned by group slocate will show up. Considering the number of errors vendors make on file permissions it is certainly possible someone has a slocate binary writeable by group slocate.
I attempted this on a Mandrake 8.0 machine I have, I only found the slocate and locate binaries with group owned permissions. Perhaps someone can check another distro? -- Larry C$
Current thread:
- slocate bug. Ehud Tenenbaum (Feb 14)
- Re: slocate bug. KF (Feb 14)
- Re: slocate bug. Rodrigo Barbosa (Feb 15)
- Re: slocate bug. Guilherme Mesquita (Feb 15)
- Re: slocate bug. Kurt Seifried (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 16)
- Re: slocate bug. Kurt Seifried (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 17)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 15)
- Re: slocate bug. KF (Feb 14)
- <Possible follow-ups>
- Re: slocate bug. jaytee () email it (Feb 14)
- Re: slocate bug. Wodahs Latigid (Feb 15)
- Re: slocate bug. Rodrigo Barbosa (Feb 20)
- Re: slocate bug. Wodahs Latigid (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Jay Beale (Feb 24)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)