Date: Sat, 9 Feb 2002 18:29:52 -0800 (PST) From: "f. johan beisser" <jan@caustic.org> To: freebsd-gnats-submit@FreeBSD.org Subject: conf/34780: locate(1)'s database is generated with root permissions Message-ID: <200202100229.g1A2TqT88107@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 34780
>Category: conf
>Synopsis: locate(1)'s database is generated with root permissions
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 09 18:30:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: f. johan beisser
>Release: -CURRENT. problem also exists in -STABLE.
>Organization:
>Environment:
>Description:
the locate(1) database is generated with root permissions. this allows any user to find the existance of any other users files through the locate(1) command. this means doing a search for any users login, you can get a list of all of the files in their home direcotry, no matter what permissions the file has.
technically, this is a privacy violation by periodic(8). locate.mklocatedb creates the /var/db/locate.database as whoever the invoking user happens to be. since 310.locate (/etc/periodic/weekly/310.locate) is called by root, it doesn't pay any attention to user set permissions while generating the database.
>How-To-Repeat:
it's repeated every week by periodic(8).
>Fix:
stop generating the locate database as the root user.
the other option is to set up locate(1) a bit more securely via adjusting the locate.rc (/etc/locate.rc) or by excluding user home directories (/usr/home) automagically.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202100229.g1A2TqT88107>