Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate

From: Olaf Bohlen <firefox () is sun-powered de>
Date: Wed, 1 Aug 2001 22:21:37 +0200 (MEST)
Hi,


This don't say whether the locate database is always owned by nobody or
just temporary. (I am not at a slackware box.) I am just curious, 

because

This is on my Slackware 8 box:
freyr:/var/spool/locate# ls -l locatedb  
-rw-r--r--    1 nobody   nogroup   1664857 Aug  1 04:42 locatedb

And this remains as nobody/nogroup.

But: no user (except root) should be able to gain access to nobody. so 
this is not a security hole imho.

Also if you run apache-cgi's as user, apache chowns to the owner of the 
cgi before executing it:

-- snip --
#!/bin/sh

echo "Content-type: text/plain"
echo

echo -n "Running cgi as: "
id

echo "Running httpd as: "

ps -ef | grep httpd | head -1
-- snip --

reports when executed by apache:

Running cgi as: uid=4109(dackel) gid=80(www) groups=80(www)                     
Running httpd as:                                                               
www      24330 23441  0 00:42 ?        00:00:27 
/usr/local/apache/bin/httpd -DSS 

so, i don't see a problem here.

Cheers

-- 
-- Olaf Bohlen --------------------- cell +49-172-4561817 --
-- Maxfeldstrasse 16 --- mail <firefox () is sun-powered de> --
-- 90409 Nuernberg ------ http http://www.sun-powered.de/ --
-- Germany ---------------------- irc firefox01 (IRC-Net) --
-- ------------------------------------------------------ --
Previous By Date Next
Previous By Thread Next

Current thread: