Date: Wed, 19 Dec 2012 00:10:31 +0100 From: Bas Smeelen <b.smeelen@ose.nl> To: freebsd-questions@freebsd.org Subject: Re: updatedb? Message-ID: <50D0F7E7.2070809@ose.nl> In-Reply-To: <CADGWnjU5f=DGH97mEM0pXM0tVowB_rtXma6KnS7mNg=d4OVqXw@mail.gmail.com> References: <kaqljd$gj4$1@ger.gmane.org> <CADGWnjU5f=DGH97mEM0pXM0tVowB_rtXma6KnS7mNg=d4OVqXw@mail.gmail.com>
On 12/18/12 23:04, C. P. Ghost wrote:
> On Tue, Dec 18, 2012 at 10:01 PM, Walter Hurry <walterhurry@gmail.com> wrote:
>> $ sudo /usr/libexec/locate.updatedb
>> >>> WARNING
>> >>> Executing updatedb as root. This WILL reveal all filenames
>> >>> on your machine to all login users, which is a security risk.
>> $
>>
>> Why is it a "security risk"? Security through obscurity? Really? In this
>> day and age?
>>
>> Or am I missing something?
> Suppose someone managed to start a shell under your account
> and is seeking to escalate privileges, i.e. to become root. If he can
> look at a full unrestricted locatedb, he may pay particular attention
> to config files, log files etc... that may otherwise be hidden from sight.
>
> Just by looking at this, he may infer that a particular software package
> at a particular revision is actually running on that host and is configured
> in a particular way. E.g., he may see that logfiles accumulate in /var/log
> and are cleaned only once a week. It would then be easy to induce that
> program to create more log files, thus denying service to other programs
> that need /var as well. This, in turn, could result in real exploits of those
> other programs...
>
> Sure, most of this is already world-visible and in the regular locatedb
> because we're so liberal with the rights of /var/db/pkg, /var/log, /etc, ... but
> some admins prefer to hide particularly sensitive programs, their configs,
> logs etc., in a non-world-readable directory hierarchy. Running
> locate.updatedb(8) with root privileges would defeat that strategy.
> That's why it is discouraged.
>
> Of course, this is even more necessary when you have regular users on
> that machine that don't necessarily trust each other. They wouldn't like
> their home dirs to be world-readable by default by everyone else. Maybe
> they won't object (and set /home/$USER to -rwxr-xr-x instead of -rwxr-x---
> or -rwx------) but that's their call, not the sysadmin's.
>
> -cpghost.
Sorry, cpghost, I missed the point. Clear explanation. Should such programs be modified so there is never a chance of being run as root? I guess there are environments where measures like these are taken, no warning, just refuse to run as root?
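To make cpghost's point concrete, here is an added illustration (not FreeBSD's locate.updatedb and not code from anyone in this thread). It models the POSIX permission rule that decides whether a user can learn that a path exists at all (search permission on every directory on the way, read permission on the parent), builds the name index once as root and once as an unprivileged indexer, and lists what the world-readable root-built database hands to a given login user that they could not have found themselves. The directory tree, uids, gids and modes are constructed for the example; the only real-world premise is the one in the warning, that the locate database is readable by every login user.

```python
"""Which file names does an index built by a given user expose?

Added illustration, not FreeBSD's locate.updatedb.  Models the permission
check behind cpghost's explanation: to learn a path name you need search (x)
permission on every ancestor directory and read (r) permission on the parent.
Root bypasses both, so a root-built, world-readable index reveals names that
an unprivileged indexer (FreeBSD's weekly periodic job runs updatedb as
nobody) would never have seen.  Tree, uids, gids and modes are made up.
"""
from stat import S_IFDIR, S_IFREG

R_BIT, X_BIT = 4, 1          # read / search (execute) permission bits
ROOT, NOBODY = 0, 65534       # uids

# Constructed filesystem: path -> (owner uid, group gid, mode).
TREE = {
    "/":                                  (0, 0, S_IFDIR | 0o755),
    "/etc":                               (0, 0, S_IFDIR | 0o755),
    "/etc/rc.conf":                       (0, 0, S_IFREG | 0o644),
    "/var":                               (0, 0, S_IFDIR | 0o755),
    "/var/log":                           (0, 0, S_IFDIR | 0o755),
    "/var/log/auth.log":                  (0, 0, S_IFREG | 0o600),
    "/var/backups":                       (0, 0, S_IFDIR | 0o750),   # wheel only
    "/var/backups/master.passwd.bak":     (0, 0, S_IFREG | 0o600),
    "/usr":                               (0, 0, S_IFDIR | 0o755),
    "/usr/local":                         (0, 0, S_IFDIR | 0o755),
    "/usr/local/etc":                     (0, 0, S_IFDIR | 0o755),
    "/usr/local/etc/private":             (0, 0, S_IFDIR | 0o700),   # admin hid this
    "/usr/local/etc/private/proxy.conf":  (0, 0, S_IFREG | 0o600),
    "/home":                              (0, 0, S_IFDIR | 0o755),
    "/home/alice":                        (1001, 1001, S_IFDIR | 0o700),
    "/home/alice/.ssh":                   (1001, 1001, S_IFDIR | 0o700),
    "/home/alice/.ssh/id_ed25519":        (1001, 1001, S_IFREG | 0o600),
    "/home/bob":                          (1002, 1002, S_IFDIR | 0o755),
    "/home/bob/notes.txt":                (1002, 1002, S_IFREG | 0o644),
}


def permitted(uid, gids, entry, bit):
    """Owner/group/other check; root bypasses read and search checks."""
    owner, group, mode = entry
    if uid == ROOT:
        return True
    if uid == owner:
        cls = (mode >> 6) & 7
    elif group in gids:
        cls = (mode >> 3) & 7
    else:
        cls = mode & 7
    return cls & bit != 0


def ancestors(path):
    """Directories an indexer must pass through to reach path, parent last."""
    parts = path.strip("/").split("/")
    yield "/"
    for i in range(1, len(parts)):
        yield "/" + "/".join(parts[:i])


def name_visible(tree, uid, gids, path):
    """Can uid learn that `path` exists, the way find(1) walking the tree would?"""
    if path == "/":
        return True
    dirs = list(ancestors(path))
    if not all(permitted(uid, gids, tree[d], X_BIT) for d in dirs):
        return False                     # a directory on the way is not searchable
    return permitted(uid, gids, tree[dirs[-1]], R_BIT)   # parent must be listable


def build_index(tree, uid, gids=frozenset()):
    """The name list updatedb would write when run as uid."""
    return sorted(p for p in tree if name_visible(tree, uid, gids, p))


def leaked_to(tree, uid, gids=frozenset()):
    """Names a root-built, world-readable index reveals to uid that uid
    could not have discovered on their own."""
    own = set(build_index(tree, uid, gids))
    return [p for p in build_index(tree, ROOT) if p not in own]


if __name__ == "__main__":
    for who, uid, gids in (("nobody", NOBODY, frozenset()),
                           ("alice", 1001, frozenset({1001})),
                           ("alice (wheel)", 1001, frozenset({1001, 0}))):
        print(f"{who}: a root-run updatedb additionally exposes {leaked_to(TREE, uid, gids)}")
```

Two details worth noticing: the name of a 0600 file in a world-searchable directory (/var/log/auth.log) is visible to everyone either way, since only its contents are protected, so the extra exposure from a root-run updatedb is exactly the set of names under directories the admin or a user deliberately closed off (0700 configs, 0750 backups, other users' home trees). Group membership narrows the leak for the reader in question but does not change what the index itself contains.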