Date: Fri, 21 Sep 2001 22:42:31 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: <cjclark@alum.mit.edu> Cc: <freebsd-audit@FreeBSD.ORG> Subject: Re: Misuse of 'nobody' user for locate(1) Message-ID: <20010921221010.C75698-100000@delplex.bde.org> In-Reply-To: <20010920205706.A3050@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 20 Sep 2001, Crist J. Clark wrote:
> The original purpose of the 'nobody' user was for "anonymous" NFS
> access. This is the account to which the superuser on a remote system
> is mapped. ...
This has rotted under FreeBSD. The superuser is mapped to (uid_t)-2,
which is 0xFFFFFFFE, but "nobody" has uid 0xFFFE.
> Here are the patches. Any comments about them or the whole idea of
> eliminating 'nobody' ownership of files? Thanks.
This seems reasonable.
> Index: src/etc/periodic/weekly/310.locate
> ===================================================================
> RCS file: /export/ncvs/src/etc/periodic/weekly/310.locate,v
> retrieving revision 1.6
> diff -u -r1.6 310.locate
> --- src/etc/periodic/weekly/310.locate 2000/09/14 17:19:13 1.6
> +++ src/etc/periodic/weekly/310.locate 2001/09/21 03:14:09
> @@ -18,12 +18,9 @@
>
> locdb=/var/db/locate.database
>
> - touch $locdb && rc=0 || rc=3
> - chown nobody $locdb || rc=3
> - chmod 644 $locdb || rc=3
> -
> cd /
> - echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
> + { echo /usr/libexec/locate.updatedb |
> + nice -5 su -fm nobody; } > $locdb || rc=3
> chmod 444 $locdb || rc=3;;
>
> *) rc=0;;
src/etc/Makefile still installs /var/db/locate.database with bogus
ownership nobody:wheel and insecure mode 644. 644 would be correct
if the file were owned by root. Then the "chmod 444" would be redundant.
> Index: src/usr.bin/locate/locate/updatedb.sh
> ===================================================================
> RCS file: /export/ncvs/src/usr.bin/locate/locate/updatedb.sh,v
> retrieving revision 1.17
> diff -u -r1.17 updatedb.sh
> --- src/usr.bin/locate/locate/updatedb.sh 2000/01/12 08:01:01 1.17
> +++ src/usr.bin/locate/locate/updatedb.sh 2001/09/21 03:49:55
> @@ -44,7 +44,6 @@
>
>
> : ${mklocatedb:=locate.mklocatedb} # make locate database program
> -: ${FCODES:=/var/db/locate.database} # the database
> : ${SEARCHPATHS:="/"} # directories to be put in the database
> : ${PRUNEPATHS:="/tmp /usr/tmp /var/tmp"} # unwanted directories
> : ${FILESYSTEMS:="ufs"} # allowed filesystems
> @@ -81,8 +80,8 @@
> $mklocatedb -presort > $tmp
> then
> case X"`$find $tmp -size -257c -print`" in
> - X) cat $tmp > $FCODES;;
> - *) echo "updatedb: locate database $tmp is empty"
> + X) cat $tmp;;
> + *) echo "updatedb: locate database $tmp is empty" >&2
> exit 1
> esac
> fi
The man page needs correspinding changes.
> Index: src/usr.bin/locate/locate/locate.rc
> ===================================================================
> RCS file: /export/ncvs/src/usr.bin/locate/locate/locate.rc,v
> retrieving revision 1.8
> diff -u -r1.8 locate.rc
> --- src/usr.bin/locate/locate/locate.rc 1999/08/28 01:02:59 1.8
> +++ src/usr.bin/locate/locate/locate.rc 2001/09/21 03:14:25
> @@ -9,9 +9,6 @@
> # temp directory
> #TMPDIR="/tmp"
>
> -# the actual database
> -#FCODES="/var/db/locate.database"
> -
> # directories to be put in the database
> #SEARCHPATHS="/"
>
The location was supposed to be controlled by /etc/rc.locate, with the
update script providing a default. It was another bug that the periodic
script hard-coded the location.
Bruce
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010921221010.C75698-100000>