From owner-freebsd-questions  Sun Apr 21 15:39:58 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-165-226-18.dsl.lsan03.pacbell.net [64.165.226.18])
	by hub.freebsd.org (Postfix) with ESMTP
	id CCF6F37B417; Sun, 21 Apr 2002 15:38:05 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 63F2E66C8C; Sun, 21 Apr 2002 15:38:05 -0700 (PDT)
Date: Sun, 21 Apr 2002 15:38:05 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
Cc: questions@freebsd.org, security@freebsd.org
Subject: Re: Locate revealing contents of root:wheel 700 directories
Message-ID: <20020421153805.A22029@xor.obsecurity.org>
References: <20020421131741.U39364-100000@prime.gushi.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="liOOAslEiF7prFVr"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020421131741.U39364-100000@prime.gushi.org>; from danm@prime.gushi.org on Sun, Apr 21, 2002 at 01:27:14PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--liOOAslEiF7prFVr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Sun, Apr 21, 2002 at 01:27:14PM -0400, Dan Mahoney, System Admin wrote:
> Hi, I noticed that in freeBSD 4.5, locate shows the contents of all
> folders, even in my previously root:wheel 700 directory, /mnt/var/log.

Only if you run the locate.updatedb utility as root (i.e. in a
non-default way).  locate only searches the database, it doesn't have
any extra privileges.

Kris

--liOOAslEiF7prFVr
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8wz9MWry0BWjoQKURAg3EAJ9rY5SqD4J7cR8lZKtZ0n6NiGyNjACdFyAn
LNZibPaHQkRBI810MWX4PDE=
=s0ML
-----END PGP SIGNATURE-----

--liOOAslEiF7prFVr--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message