Re: Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate

[Dylan Griffiths <Dylan_G () bigfoot com>]

Brian Smith wrote:
> It's apparently something that's changed in later versions of Slackware.
> Here's one from my machine, which was originally Slack3.5 (before going
> through several upgrades, of course):
>
> -rw-r--r--   1 root     root       740500 Aug  1 04:03 locatedb

This happened because:

# This updates the database for 'locate' every day:
40 04 * * *       cd / ; updatedb 1> /dev/null 2> /dev/null

was moved from 

/var/spool/cron/crontabs/root
to
/var/spool/cron/crontabs/nobody

Because, when run as root, everyone who ran GNU locate could see whatever
files root could see (such as other people's how directories).

I suggest you either upgrade Slackware to slocate (
http://www.geekreview.org/slocate/ ) which is safe to run as root since its
locate will check if you're allowed to see the files in shows, or assign
each subsystem its own UID (which is a good idea anyways :)).

Hopefully someone who con officially fix Slackware (Pat, Dave, Chris, etc)
can get a solid fix into the base distro.
--
    www.kuro5hin.org -- technology and culture, from the trenches.