Re: slocate leaks filenames of protected directories Jan 10 2007 06:28PM
Dennis Jackson (dennis jackson ndirect co uk) (1 replies)
Curious. This problem doesn't happen for me with version 2.7.

As root

# cd /root
# mkdir dir
# chmod 711 dir
# cd dir
# touch hiddenfile
# cd ..

# /usr/bin/slocate -c -u

As an ordinary user

$ ls -l /root/dir
/usr/bin/ls: /root/dir: Permission denied
$ slocate hiddenfile
$ slocate -V
Secure Locate 2.7 - Released January 24, 2003
$

Just to check the file really is there

$ ls -l /root/dir/hiddenfile
-rw-r--r-- 1 root root 0 Jan 10 18:14 /root/dir/hiddenfile
$

But as root

# slocate hiddenfile
/root/dir/hiddenfile
#

----- Original Message -----
From: steven (at) masterwebnet (dot) com [email concealed] <steven (at) masterwebnet (dot) com [email concealed]>
Sent: 10/01/2007 01:29:35
Subject: slocate leaks filenames of protected directories

> * Version tested: 3.1
>
> * Problem description: slocate doesn't check readability bit of containing
> directory. It can divulge the existence of files in a directory that is
> unreadable (e.g. by the 'ls' command) by a user.
>
> * Demonstration:
>
> As user1:
>
> $ cd /tmp
> $ mkdir dir
> $ chmod 711 dir
> $ cd dir
> $ touch "a-secret-file"
> $ cd ..
>
> $ updatedb -o db -U dir
>
> As user2:
>
> $ cd /tmp
> $ ls dir
> ls: .: Permission denied
>
> But:
>
> $ slocate -d db file
> dir/a-secret-file

[ reply ]
Re: slocate leaks filenames of protected directories Jan 11 2007 11:14AM
Ben Wheeler (b wheeler ulcc ac uk) (1 replies)
Re: slocate leaks filenames of protected directories Jan 11 2007 06:50PM
Dave Moore (dave j moore gmail com) (1 replies)
Re: slocate leaks filenames of protected directories Jan 12 2007 09:18PM
Ben Wheeler (b wheeler ulcc ac uk)


 

Privacy Statement
Copyright 2010, SecurityFocus