Date: Tue, 18 Dec 2012 22:53:29 +0100
From: Polytropon <freebsd@edvax.de>
To: RW <rwmaillists@googlemail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: updatedb?
Message-ID: <20121218225329.f465fc6a.freebsd@edvax.de>
In-Reply-To: <20121218213250.131de35c@gumby.homeunix.com>
References: <kaqljd$gj4$1@ger.gmane.org> <20121218213250.131de35c@gumby.homeunix.com>

On Tue, 18 Dec 2012 21:32:50 +0000, RW wrote:
> On Tue, 18 Dec 2012 21:01:33 +0000 (UTC)
> Walter Hurry wrote:
>
> > $ sudo /usr/libexec/locate.updatedb
> > >>> WARNING
> > >>> Executing updatedb as root. This WILL reveal all filenames
> > >>> on your machine to all login users, which is a security risk.
> > $
> >
> > Why is it a "security risk"? Security through obscurity? Really? In
> > this day and age?
> >
> > Or am I missing something?
>
> If permissions have been set to prevent other users reading filenames
> then obviously leaking file names is a security issue.

There are no "leaking file names", as by command, the tool does
what it is requested to: to not obey the restrictions that apply
in its _normal_ use and list _all_ file names instead.

See /etc/periodic/weekly/310.locate for example: The default call
of locate.updatedb is this:

	echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3

The program (script) will additionally honor settings in the
/etc/locate.rc file.

So if the questioned use of "sudo /usr/libexec/locate.updatedb"
to run it as root (with _all_ permissions!) leads to the intended
behaviour, i. e. list _all_ files on the system, that isn't
actually a leak, I'd say. (Terminology: A leak would appear if
you'd run locate.updatedb with the "nobody" user, and still
file names from inside a o-rwx directory would appear!)

I really like the analogy provided by Devin Teske in his reply:

	When you run updatedb as root, it traverses all directories
	even those that you may have posted a big "keep out" sign on
	(aforementioned "chmod").

	Then every non-privileged user on the system can list the
	contents of your secret hideout with the "keep out" sign
	posted on it.

	You might have well built that house out of glass (they can't
	read the contents of the books on your bookshelf, but they can
	see the covers and know what you've got stocked on the shelves).

Again: If that's intended, locate.updatedb will act as instructed.

Oh behold the unlimited power of root. :-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
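
Added example, not part of the original message or of FreeBSD's locate scripts: a small sh audit that takes a list of absolute path names (standing in for what a root-run updatedb would record) and reports the ones lying below a directory that denies read or search to "others", i.e. the names behind the "keep out" sign. The function names, the stop-directory argument and the sample tree are constructed for illustration; only the classic mode bits are checked, not ACLs or group membership.

```sh
#!/bin/sh
# Added example (not from the thread). Paths must be absolute.
# Checks only the "other" mode bits; ACLs and group membership are ignored.

# Print the three "other" permission characters of a directory, e.g. "r-x".
other_perms() {
    ls -ld "$1" 2>/dev/null | cut -c8-10
}

# Succeed if any directory between PATH ($1) and STOP ($2, exclusive)
# lacks read or search permission for others.
hidden_from_others() {
    dir=$(dirname "$1")
    while [ "$dir" != "$2" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        case $(other_perms "$dir") in
            r?[xt]) ;;          # others may list and traverse this directory
            *) return 0 ;;      # restricted, or it could not be stat'ed
        esac
        dir=$(dirname "$dir")
    done
    return 1
}

# Read path names (one per line) from LIST ($1) and print the hidden ones.
audit_names() {
    while IFS= read -r path; do
        if hidden_from_others "$path" "$2"; then printf '%s\n' "$path"; fi
    done < "$1"
}

# Constructed sample: a public directory, a "keep out" directory (chmod 700),
# and a name list standing in for the database of a root-run updatedb.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pub" "$root/hideout/shelf"
    : > "$root/pub/readme.txt"
    : > "$root/hideout/shelf/book.txt"
    chmod 755 "$root/pub" "$root/hideout/shelf"
    chmod 700 "$root/hideout"
    printf '%s\n' "$root/pub/readme.txt" "$root/hideout/shelf/book.txt" \
        > "$root/names.list"
    printf '%s\n' "$root"
}

sample=$(make_sample)
audit_names "$sample/names.list" "$sample"   # prints only .../hideout/shelf/book.txt
rm -rf "$sample"
```

Run it as a user who can stat every listed path (typically root); an empty result means the list holds no names that the mode bits were meant to hide from other users.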