Bugtraq mailing list archives
slocate leaks filenames of protected directories
From: steven () masterwebnet com
Date: 10 Jan 2007 01:29:35 -0000
* Version tested: 3.1 * Problem description: slocate doesn't check readability bit of containing directory. It can divulge the existence of files in a directory that is unreadable (e.g. by the 'ls' command) by a user. * Demonstration: As user1: $ cd /tmp $ mkdir dir $ chmod 711 dir $ cd dir $ touch "a-secret-file" $ cd .. $ updatedb -o db -U dir As user2: $ cd /tmp $ ls dir ls: .: Permission denied But: $ slocate -d db file dir/a-secret-file
Current thread:
- slocate leaks filenames of protected directories steven (Jan 10)
- <Possible follow-ups>
- Re: slocate leaks filenames of protected directories Dennis Jackson (Jan 10)
- Re: slocate leaks filenames of protected directories Ben Wheeler (Jan 11)
- Re: slocate leaks filenames of protected directories Dave Moore (Jan 12)
- Re: slocate leaks filenames of protected directories Ben Wheeler (Jan 12)
- Re: slocate leaks filenames of protected directories Ben Wheeler (Jan 11)