Vulnerability Development mailing list archives

Re: slocate bug.

From: "Larry W. Cashdollar" <lwc () vapid dhs org>
Date: Sat, 16 Feb 2002 18:31:42 -0500 (EST)

Kurt Seifried wrote:

Ack ergh sputter (brain burp, my bad!). Yes, unless the group write bit is
set it is not an issue (and that shouldn't happen). Just checked and none of
the files group slocate owns on Red Hat 7.2 are writeable, so that's good,
but I can't speak for other distros, so you should check: "find / -group
slocate -perm +0020", note that any symlinks owned by group slocate will
show up. Considering the number of errors vendors make on file permissions
it is certainly possible someone has a slocate binary writeable by group
slocate.


I attempted this on a Mandrake 8.0 machine I have, I only found the slocate
and locate binaries with group owned permissions.  Perhaps someone can
check another distro?

-- Larry C$

Current thread:

slocate bug. Ehud Tenenbaum (Feb 14)
- Re: slocate bug. KF (Feb 14)
  - Re: slocate bug. Rodrigo Barbosa (Feb 15)
    - Re: slocate bug. Guilherme Mesquita (Feb 15)
    - Re: slocate bug. Kurt Seifried (Feb 16)
    - Re: slocate bug. Larry W. Cashdollar (Feb 16)
    - Re: slocate bug. Kurt Seifried (Feb 16)
    - Re: slocate bug. Larry W. Cashdollar (Feb 16)
    - Re: slocate bug. Larry W. Cashdollar (Feb 17)
    - Re: slocate bug. Rodrigo Barbosa (Feb 21)
    - Re: slocate bug. Rodrigo Barbosa (Feb 21)
  - RE: slocate bug. John Adair (Feb 15)
- <Possible follow-ups>
- Re: slocate bug. jaytee () email it (Feb 14)
- Re: slocate bug. Wodahs Latigid (Feb 15)
  - Re: slocate bug. Rodrigo Barbosa (Feb 20)
- Re: slocate bug. Wodahs Latigid (Feb 21)
  - Re: slocate bug. Rodrigo Barbosa (Feb 21)
    - Re: slocate bug. Jay Beale (Feb 24)