| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Jan 2007 18:28:17 +0000 From: Dennis Jackson <dennis.jackson@...rect.co.uk> To: <steven@...terwebnet.com>, <dennis.jackson@...rect.co.uk> Cc: bugtraq <bugtraq@...urityfocus.com>, Subject: Re: slocate leaks filenames of protected directories Curious. This problem doesn't happen for me with version 2.7. As root # cd /root # mkdir dir # chmod 711 dir # cd dir # touch hiddenfile # cd .. # /usr/bin/slocate -c -u As an ordinary user $ ls -l /root/dir /usr/bin/ls: /root/dir: Permission denied $ slocate hiddenfile $ slocate -V Secure Locate 2.7 - Released January 24, 2003 $ Just to check the file really is there $ ls -l /root/dir/hiddenfile -rw-r--r-- 1 root root 0 Jan 10 18:14 /root/dir/hiddenfile $ But as root # slocate hiddenfile /root/dir/hiddenfile # ----- Original Message ----- From: steven@...terwebnet.com <steven@...terwebnet.com> Sent: 10/01/2007 01:29:35 Subject: slocate leaks filenames of protected directories > * Version tested: 3.1 > > * Problem description: slocate doesn't check readability bit of containing > directory. It can divulge the existence of files in a directory that is > unreadable (e.g. by the 'ls' command) by a user. > > * Demonstration: > > As user1: > > $ cd /tmp > $ mkdir dir > $ chmod 711 dir > $ cd dir > $ touch "a-secret-file" > $ cd .. > > $ updatedb -o db -U dir > > As user2: > > $ cd /tmp > $ ls dir > ls: .: Permission denied > > But: > > $ slocate -d db file > dir/a-secret-file
Powered by blists - more mailing lists