Date: Tue, 18 Dec 2012 22:44:25 +0000
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: updatedb?

On Tue, 18 Dec 2012 22:53:29 +0100
Polytropon wrote:

> On Tue, 18 Dec 2012 21:32:50 +0000, RW wrote:
> > On Tue, 18 Dec 2012 21:01:33 +0000 (UTC)
> > Walter Hurry wrote:
> >
> > > $ sudo /usr/libexec/locate.updatedb
> > > >>> WARNING
> > > >>> Executing updatedb as root. This WILL reveal all filenames
> > > >>> on your machine to all login users, which is a security risk.
> > > $
> > >
> > > Why is it a "security risk"? Security through obscurity? Really?
> > > In this day and age?
> > >
> > > Or am I missing something?
> >
> > If permissions have been set to prevent other users reading
> > filenames then obviously leaking file names is a security issue.
>
> There are no "leaking file names",

There is from the perspective of an ordinary user that's configured
directories under ~ to be confidential.

> as by command, the tool does
> what it is requested to: to not obey the restrictions that apply
> in its _normal_ use and list _all_ file names instead.

Obviously. But the warning is intended for people that haven't thought
through the consequences of what they are doing.


On Tue, 18 Dec 2012 22:49:43 +0100
Bas Smeelen wrote:

> Yes. But as stated before it defaults to run as user nobody.
>
> Line 26 /etc/periodic/weekly/310.locate
> echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3

This is true but not very relevant. It runs as nobody from the periodic
script, but the warning comes from locate.updatedb itself, which may be
run independently of 310.locate.

> If someone runs it as root it can be, as everything being run as
> root, a security issue.

Not really, mostly when things are run as root there is an additional
risk. Very few things do the wrong thing simply as a consequence of
running as root so it warrants a warning.
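
The exposure discussed in this thread can be audited. The script below is an added example, not part of the original message or of FreeBSD: it reads indexed paths and reports those lying under a directory that "other" users cannot list. The function names and the sample tree are constructed for illustration, and only the "other" mode bits are checked (ownership, groups and ACLs are ignored).

```shell
# Added example: which indexed paths lie below a directory that ordinary
# ("other") users cannot list? Only the "other" mode bits are checked;
# ownership, group membership and ACLs are ignored (assumption).

# other_can_list DIR: true if "other" has both r and x on DIR. A directory
# that is missing or cannot be examined counts as not listable.
other_can_list() {
    mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in d??????r?[xt]) return 0 ;; *) return 1 ;; esac
}

# blocking_dir PATH BASE: print the deepest ancestor of PATH (no higher than
# BASE) that "other" cannot list; fail if every ancestor is listable.
blocking_dir() {
    dir=$(dirname -- "$1")
    while :; do
        other_can_list "$dir" || { printf '%s\n' "$dir"; return 0; }
        case "$dir" in "$2"|/|.) return 1 ;; esac
        dir=$(dirname -- "$dir")
    done
}

# audit_index BASE: read one path per line on stdin (for example the output
# of locate), print "path<TAB>blocking directory" for each exposed name.
audit_index() {
    while IFS= read -r path; do
        if blocker=$(blocking_dir "$path" "$1"); then
            printf '%s\t%s\n' "$path" "$blocker"
        fi
    done
}

# Constructed sample tree standing in for a real home directory.
run_demo() {
    t=$(mktemp -d "${TMPDIR:-/tmp}/locate-audit.XXXXXX") || return 1
    mkdir -p "$t/home/alice/private/clients" "$t/home/alice/public"
    chmod 755 "$t" "$t/home" "$t/home/alice" "$t/home/alice/public" \
              "$t/home/alice/private/clients"
    chmod 700 "$t/home/alice/private"
    : > "$t/home/alice/private/clients/acme-merger.txt"
    : > "$t/home/alice/public/readme.txt"
    printf '%s\n' "$t/home/alice/private/clients/acme-merger.txt" \
        "$t/home/alice/public/readme.txt" | audit_index "$t" | sed "s|$t||g"
    rm -rf "$t"
}

run_demo
```

Against a live system the input would be the database contents, for example `locate / | audit_index /`; any output means the index holds names that the permission bits alone would hide from other users.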