Date: Sat, 9 Feb 2002 18:29:52 -0800 (PST) From: "f. johan beisser" <jan@caustic.org> To: freebsd-gnats-submit@FreeBSD.org Subject: conf/34780: locate(1)'s database is generated with root permissions Message-ID: <200202100229.g1A2TqT88107@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 34780 >Category: conf >Synopsis: locate(1)'s database is generated with root permissions >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Feb 09 18:30:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: f. johan beisser >Release: -CURRENT. problem also exists in -STABLE. >Organization: >Environment: >Description: the locate(1) database is generated with root permissions. this allows any user to find the existance of any other users files through the locate(1) command. this means doing a search for any users login, you can get a list of all of the files in their home direcotry, no matter what permissions the file has. technically, this is a privacy violation by periodic(8). locate.mklocatedb creates the /var/db/locate.database as whoever the invoking user happens to be. since 310.locate (/etc/periodic/weekly/310.locate) is called by root, it doesn't pay any attention to user set permissions while generating the database. >How-To-Repeat: it's repeated every week by periodic(8). >Fix: stop generating the locate database as the root user. the other option is to set up locate(1) a bit more securely via adjusting the locate.rc (/etc/locate.rc) or by excluding user home directories (/usr/home) automagically. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202100229.g1A2TqT88107>