From: "C. P. Ghost"
To: Walter Hurry
Cc: freebsd-questions@freebsd.org
Date: Tue, 18 Dec 2012 23:04:43 +0100
Subject: Re: updatedb?

On Tue, Dec 18, 2012 at 10:01 PM, Walter Hurry wrote:
> $ sudo /usr/libexec/locate.updatedb
>>>> WARNING
>>>> Executing updatedb as root. This WILL reveal all filenames
>>>> on your machine to all login users, which is a security risk.
> $
>
> Why is it a "security risk"? Security through obscurity? Really? In this
> day and age?
>
> Or am I missing something?

Suppose someone managed to start a shell under your account and is seeking to escalate privileges, i.e. to become root. If he can look at a full unrestricted locatedb, he may pay particular attention to config files, log files etc... that may otherwise be hidden from sight.

Just by looking at this, he may infer that a particular software package at a particular revision is actually running on that host and is configured in a particular way. E.g., he may see that logfiles accumulate in /var/log and are cleaned only once a week. It would be then easy to induce that program to create more log files, thus denying service to other programs that need /var as well. This, in turn, could result in real exploits of those other programs...

Sure, most of this is already world-visible and in the regular locatedb because we're so liberal with the rights of /var/db/pkg, /var/log, /etc, ... but some admins prefer to hide particularly sensitive programs, their configs, logs etc., in a non-world-readable directory hierarchy. Running locate.updatedb(8) with root privileges would defeat that strategy. That's why it is discouraged.

Of course, this is even more necessary when you have regular users on that machine that don't necessarily trust each other. They wouldn't like their home dirs to be world-readable by default by everyone else. Maybe they won't object (and set /home/$USER to -rwxr-xr-x instead of -rwxr-x--- or -rwx------) but that's their call, not the sysadmin's.

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
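
An audit sketch for the exposure described in this message, added here as an example and not part of the original thread: given a list of indexed paths, it prints those that sit below a directory other users cannot traverse, i.e. names that ordinary users only learn because the index was built as root. The helper names `other_can_search` and `leaked_names` are hypothetical; it assumes it is run as root and is fed the database contents one path per line (for example from `locate /`).

```shell
#!/bin/sh
# Added example: find indexed paths whose names are hidden from ordinary
# users by directory permissions. Reads one path per line on stdin.
# Assumed usage (as root):  locate / | leaked_names /

# Succeeds if directory $1 can be traversed by "other" users: the 10th
# character of the ls -ld mode string is x, or t (sticky bit plus x).
other_can_search() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c10)
    [ "$mode" = "x" ] || [ "$mode" = "t" ]
}

# leaked_names BASE: print each stdin path that has, between BASE and the
# entry itself, a directory that other users cannot traverse.
leaked_names() {
    base=${1%/}
    while IFS= read -r path; do
        dir=$(dirname "$path")
        while [ "$dir" != "$base" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
            # Stale database entry (directory is gone): skip this path.
            [ -d "$dir" ] || break
            if ! other_can_search "$dir"; then
                printf '%s\n' "$path"
                break
            fi
            dir=$(dirname "$dir")
        done
    done
}
```

Any output means the database discloses names from a restricted hierarchy; an empty result means every indexed name was already reachable by traversing world-searchable directories.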