Re: slocate bug.

[Jay Beale <jay () nova umuc edu>]

In the wise words of Rodrigo Barbosa:

> On Thu, Feb 21, 2002 at 09:54:39AM +0000, Wodahs Latigid wrote:
> > > Again, on Conectiva Linux snapshot:
> > >
> > > frodo [/home/rodrigob] > slocate abc -oMoP
> > > fatal error: slocate: Must specify an 'Update' database option first.
> > > frodo [/home/rodrigob] > ls -lap MoP
> > > ls: MoP: No such file or directory
> > Just out of curiosity, if you give it the
> > required option (the 'Update' database
> > option), plus the -o option, does it
> > still not create the file?
>
> Yes, the file is created. But as far as I undertood the docs, this is
> the expected behaviour.
> And reading about the tests of the other list subscribers, looks like
> there is no system with any file writable by group slocate.
> Now, the question remains: is it possible to compromisse anything with
> it ? At first glance, I'm tempted to say "no".

Welp, it does seem like auditting the code might prove fruitful.  If 
they can make that mistake, perhaps there's another overflow, possibly
in code that takes filenames in from directories.  Filenames would
definitely constitute user input.  My thought is to look at the size of 
the buffer and look at the maximum allowable filesize under the different
filesystems now supported under each operating system its been ported to.  Since 
the Solaris support is only 9 months old, one might get lucky there.


  - Jay