From owner-freebsd-hackers Mon Apr 1 08:41:02 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3)
    id IAA04245 for hackers-outgoing; Mon, 1 Apr 1996 08:41:02 -0800 (PST)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160])
    by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id IAA04238
    Mon, 1 Apr 1996 08:40:58 -0800 (PST)
Received: (from jgreco@localhost) by brasil.moneng.mei.com
    (8.7.Beta.1/8.7.Beta.1) id KAA24510; Mon, 1 Apr 1996 10:40:24 -0600
From: Joe Greco
Message-Id: <199604011640.KAA24510@brasil.moneng.mei.com>
Subject: Re: locate
To: mpp@freefall.freebsd.org (Mike Pritchard)
Date: Mon, 1 Apr 1996 10:40:24 -0600 (CST)
Cc: freebsd-hackers@freefall.freebsd.org
In-Reply-To: <199604010600.WAA01868@freefall.freebsd.org> from "Mike Pritchard" at Mar 31, 96 10:00:10 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> What do people think of the idea of changing locate & its database
> update script to keep a list of ALL files on the system, and
> not just those that can be seen by the world. It always drives
> me nuts when I use locate to find something I *KNOW* is on
> my system, but it would not print it because it is in some directory
> that is mode 750, and not 755, but it is still accessible by
> my current uid/gid.

BAAAAAAAAAAD idea.

The problem is that you are making information available that would not
otherwise be available.

I remember demonstrating the vulnerability under 4.3-Tahoe at a
University site where the scanner was being run as root. I went and did
a find/grep for each of the CS professors, looked through their home
directories, and found that one professor was kind enough to have mode
711 on his home directory (to allow the TAs access), and had a readable
midterm exam under a name that one would not immediately guess.
I've heard similar stories of exploitation back in the days when finger
ran as root and did not check for symlinks. People would locate a file
in a directory that they could not access, link .plan to it, and finger
themselves.

The first scenario can be fixed by teaching better security to people
who should know better. It can also be fixed by running the scanner as
'nobody' instead of root.

The second scenario was fixed in the source, and again also by not
running the scanner as root.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                     jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                 414/546-7968
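
An added example, not part of the original message: a mode-bit audit of what a root-run scanner would index that a scanner run as 'nobody' could not discover, flagging files whose contents become readable once the name is known (the mode-711 case described above). The function names and the sample tree are this example's own, and it assumes 'nobody' gets only the "other" permission bits (no ACLs).

```python
import os
import stat
import tempfile


def hidden_from_other(root):
    """Return sorted (relative_path, readable_once_named) for files only a root-run scan finds."""
    root = os.path.abspath(root)
    listable, traversable, findings = {}, {}, []
    for dirpath, _dirs, files in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        up = os.path.dirname(dirpath)
        at_root = dirpath == root  # assumption: the scan root itself is reachable
        can_r, can_x = bool(mode & stat.S_IROTH), bool(mode & stat.S_IXOTH)
        # Enumerating names needs o+r and o+x; using a known name needs only o+x.
        listable[dirpath] = (at_root or listable[up]) and can_x and can_r
        traversable[dirpath] = (at_root or traversable[up]) and can_x
        if listable[dirpath]:
            continue  # an unprivileged scan sees these names anyway
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            readable = traversable[dirpath] and bool(st.st_mode & stat.S_IROTH)
            findings.append((os.path.relpath(path, root), readable))
    return sorted(findings)


def demo():
    """Audit a constructed tree: a listable, a mode-711 and a mode-750 directory."""
    layout = [("pub", 0o755, "notes.txt", 0o644),
              ("prof", 0o711, "mt-x9q.txt", 0o644),
              ("staff", 0o750, "plan.txt", 0o640)]
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for dname, dmode, fname, fmode in layout:
            path = os.path.join(root, dname, fname)
            os.mkdir(os.path.dirname(path))
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, fmode)
            os.chmod(os.path.dirname(path), dmode)
        return hidden_from_other(root)


if __name__ == "__main__":
    for rel, readable in demo():
        print(f"{rel}: readable once the name is known = {readable}")
```

Entries reported with True are the ones where an all-files locate database turns an unguessable name into readable content; entries with False disclose only that the file exists.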