Re: slocate leaks filenames of protected directories

To: Dave Moore <dave.j.moore@xxxxxxxxx>
Subject: Re: slocate leaks filenames of protected directories
From: Ben Wheeler <b.wheeler@xxxxxxxxxx>
Date: Fri, 12 Jan 2007 21:18:47 +0000
Cc: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, steven@xxxxxxxxxxxxxxxx, dennis.jackson@xxxxxxxxxxxxx
In-reply-to: <fcb90ceb0701111050w4877be5cuecdddd858e50a239@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: Dave Moore <dave.j.moore@xxxxxxxxx>, bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, steven@xxxxxxxxxxxxxxxx, dennis.jackson@xxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <E1H4iBN-0003dh-00@xxxxxxxxxxxxxxxxxxx> <20070111111433.GA8002@xxxxxxxxxxxxxxxxx> <fcb90ceb0701111050w4877be5cuecdddd858e50a239@xxxxxxxxxxxxxx>
User-agent: Mutt/1.5.9i

On Thu, Jan 11, 2007 at 12:50:49PM -0600, Dave Moore wrote:
> chmod 711 dir
> sets permissions: drwx--x--x
> 
> But for directories the x doesn't mean executable, it means
> searchable. 
...
> 
> Or am I missing something?

You're missing what "searchable" means. It means you can cd into
the directory and you can access files within the directory *if*
you know their exact name (and have appropriate perms on those files)
but you *cannot* list the directory's contents. Thus if slocate
allows you to list the contents of such a directory just by
specifying the name of the directory, or a single character of
a file within the directory, it is laxer security than the directory
permissions allow. Not the world's most pressing security problem, 
but a problem nonetheless.

Ben

References:
- Re: slocate leaks filenames of protected directories
  - From: Dennis Jackson
- Re: slocate leaks filenames of protected directories
  - From: Ben Wheeler
- Re: slocate leaks filenames of protected directories
  - From: Dave Moore

Prev by Date: [ MDKSA-2007:012 ] - Updated kernel packages fix multiple vulnerabilities and bugs
Next by Date: AIOCP SQL Injection Vulnerability
Previous by thread: Re: slocate leaks filenames of protected directories
Next by thread: Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite
Index(es):
- Date
- Thread