lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070110012935.29786.qmail@securityfocus.com> Date: 10 Jan 2007 01:29:35 -0000 From: steven@...terwebnet.com To: bugtraq@...urityfocus.com Subject: slocate leaks filenames of protected directories * Version tested: 3.1 * Problem description: slocate doesn't check readability bit of containing directory. It can divulge the existence of files in a directory that is unreadable (e.g. by the 'ls' command) by a user. * Demonstration: As user1: $ cd /tmp $ mkdir dir $ chmod 711 dir $ cd dir $ touch "a-secret-file" $ cd .. $ updatedb -o db -U dir As user2: $ cd /tmp $ ls dir ls: .: Permission denied But: $ slocate -d db file dir/a-secret-file