Bugtraq mailing list archives

Re: Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate


From: Felipe Franciosi <franciozzy () terra com br>
Date: Mon, 06 Aug 2001 16:21:41 -0300

It's apparently something that's changed in later versions of Slackware.
Here's one from my machine, which was originally Slack3.5 (before going
through several upgrades, of course):

-rw-r--r--   1 root     root       740500 Aug  1 04:03 locatedb

I would like to remind you that old Slackware boxes used to have a
huge problem with this ownership of the locate system.

I can't remember exactly in which version it was changed to nobody,
but I do remember the problem:

The updatedb runs every day at 4:40 am. It creates temporary files
in /tmp, and the names of these files are numbers. The point is
that there were several files created along the process, and the
name of the next file was an increment of the last one.
This would allow any local user to create a symbolic link from any
system file to a file named with an incremented number of the
current temp file... Once it was run by root, this would basically
append a lot of trash info to the file.

Imagine the destruction if the link was pointed to a hard drive at
/dev, for example. :-)

Switching from root's crontab to nobody's crontab was the
solution at the time.

Regards,
Felipe

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Felipe Franciosi        paradoxo networking
 http://www.paradoxo.org   Porto Alegre - RS
 Phone: (55)(51) 9806 7387    UIN - 33596050
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
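
The numbered temp file problem described in the message above, as an added example that is not part of the original post or of Slackware's updatedb: a write to a guessable name follows a symlink already sitting there, while an exclusive create refuses it. The scratch directory, the file names and the helper names are constructed for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* mkdtemp() and symlink() on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the post: open a guessable, numbered name. Without O_EXCL,
 * open() follows a symlink that already has that name. */
#define PREDICTABLE (O_WRONLY | O_CREAT | O_APPEND)
/* Hardened: with O_CREAT|O_EXCL, open() fails (EEXIST) if anything,
 * a symlink included, already has the name. */
#define EXCLUSIVE   (O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW)

static int write_with(const char *path, const char *data, int flags) {
    int fd = open(path, flags, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed scenario in a private scratch directory: "victim" holds 4
 * bytes and a symlink named like the next numbered temp file points at it.
 * Returns the writer's result; *victim_size is the victim's size afterwards. */
int demo(int hardened, long *victim_size) {
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], next_tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;      /* unpredictable name, mode 0700 */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(next_tmp, sizeof next_tmp, "%s/1235", dir);
    write_with(victim, "keep", PREDICTABLE);
    if (symlink(victim, next_tmp) != 0) return -2;
    int rc = write_with(next_tmp, "trash", hardened ? EXCLUSIVE : PREDICTABLE);
    *victim_size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(next_tmp); unlink(victim); rmdir(dir);
    return rc;
}

int main(void) {
    long size;
    int rc = demo(0, &size);
    printf("predictable name: rc=%d victim=%ld bytes\n", rc, size);
    rc = demo(1, &size);
    printf("exclusive create: rc=%d victim=%ld bytes\n", rc, size);
    return 0;
}
```

In real code mkstemp() combines the exclusive create with an unpredictable name, and running the job as an unprivileged user, as the message describes, limits what a followed link can reach.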

