Vulnerability Development mailing list archives
Re: slocate bug.
From: Jay Beale <jay () nova umuc edu>
Date: Sat, 23 Feb 2002 21:13:59 -0500
In the wise words of Rodrigo Barbosa:
> On Thu, Feb 21, 2002 at 09:54:39AM +0000, Wodahs Latigid wrote:
> >> Again, on Conectiva Linux snapshot:
> >>
> >> frodo [/home/rodrigob] > slocate abc -oMoP
> >> fatal error: slocate: Must specify an 'Update' database option first.
> >> frodo [/home/rodrigob] > ls -lap MoP
> >> ls: MoP: No such file or directory
> >
> > Just out of curiosity, if you give it the required option (the 'Update' database option), plus the -o option, does it still not create the file?
>
> Yes, the file is created. But as far as I understood the docs, this is the expected behaviour. And reading about the tests of the other list subscribers, looks like there is no system with any file writable by group slocate. Now, the question remains: is it possible to compromise anything with it? At first glance, I'm tempted to say "no".
Welp, it does seem like auditing the code might prove fruitful. If they can make that mistake, perhaps there's another overflow, possibly in code that takes filenames in from directories. Filenames would definitely constitute user input. My thought is to look at the size of the buffer and look at the maximum allowable filesize under the different filesystems now supported under each operating system it's been ported to. Since the Solaris support is only 9 months old, one might get lucky there.

- Jay
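As an added example (not part of the thread and not slocate's own code), this is the kind of check such an audit compares the source against: a fixed buffer measured against the filename limit the filesystem reports, and a directory/filename join that refuses to truncate or overflow. `ENTRY_BUF` and all function names are hypothetical.

```c
/* Added example: audit-style checks for fixed-size filename buffers. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define ENTRY_BUF 256   /* hypothetical fixed buffer size under audit */

/* Longest single filename the filesystem holding `dir` accepts,
 * or -1 if the limit is indeterminate or the call fails. */
long fs_name_max(const char *dir)
{
    return pathconf(dir, _PC_NAME_MAX);
}

/* 1 if `bufsz` bytes can hold any legal filename (plus NUL) from `dir`,
 * 0 if a legal filename could exceed it, -1 if the limit is unknown. */
int buffer_fits_names(const char *dir, size_t bufsz)
{
    long max = fs_name_max(dir);
    if (max < 0)
        return -1;
    return (size_t)max + 1 <= bufsz ? 1 : 0;
}

/* Bounds-checked "dir/name" join: returns 0 on success, -1 if the result
 * would not fit in dst (dst is set to the empty string in that case). */
int join_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n;
    if (dstsz == 0)
        return -1;
    n = snprintf(dst, dstsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[ENTRY_BUF];
    printf("NAME_MAX for /: %ld, %d-byte buffer fits: %d\n",
           fs_name_max("/"), ENTRY_BUF, buffer_fits_names("/", ENTRY_BUF));
    /* constructed sample directory and filename */
    if (join_path(path, sizeof path, "/tmp", "constructed-sample-name") == 0)
        printf("joined: %s\n", path);
    return 0;
}
```

The limit is queried per directory because it depends on the mounted filesystem, so a buffer that is adequate on one port or mount can be too small on another.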