Date: Sun, 21 Apr 2002 13:27:14 -0400 (EDT) From: "Dan Mahoney, System Admin" <danm@prime.gushi.org> To: questions@freebsd.org Cc: security@freebsd.org Subject: Locate revealing contents of root:wheel 700 directories Message-ID: <20020421131741.U39364-100000@prime.gushi.org>
next in thread | raw e-mail | index | archive | help
Hi, I noticed that in freeBSD 4.5, locate shows the contents of all folders, even in my previously root:wheel 700 directory, /mnt/var/log. (It's my /var/log directory). I don't recall this being the case previously, and I thought for a moment that it was like the linux slocate, where the locate tool respects permissions (i.e. I wouldn't be able to see the contents of /var/log if I weren't root), but su -ling down to an unprivileged user has confirmed this. I should note that the crontab which calls locate checks for file ownership, but by default, shouldn't the locate utility? -Dan Mahoney -- "And, a special guest, from the future, miss Ria Pischell. Miss Pischell, as you all know, is the inventor of the Statiophonic Oxygenetic Amplifiagraphaphonadelaverberator, and it's pretty hard to imagine life without one of those. -Rufus, Bill & Ted's Bogus Journey --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Web: http://prime.gushi.org finger danm@prime.gushi.org for pgp public key and tel# --------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020421131741.U39364-100000>