On Wed, Jan 07, 2004 at 12:56:53PM -0800, Kevin Lindsay wrote:
> On Wed, Jan 07, 2004 at 11:04:22AM -0800, Matt Zimmerman wrote:
>
> > On Mon, Jan 05, 2004 at 01:34:00AM +0100, Petter Reinholdtsen wrote:
> >
> > > This bug seems to be similar to CVE-2001-0066, reported 2000-12-17 in
> > > DSA-005-1. <URL: http://www.debian.org/security/2000/20001217a >.
> > >
> > > Perhaps there are more problems with the database handling in slocate?
> >
> > Probably. I think that it is not a good idea for slocate to read and
> > interpret a user-supplied database while running with setgid privileges.
> > Since slocate indexes all files on the system, I don't see why this should
> > be needed either.
>
> I agree. I took a more careful look at the advisory and I will be doing an
> audit on the necessary code. User defined databases were requested to handle
> lookups on remote file systems which had their own databases. I think a
> good plan would be to drop privileges when searching databases which do not
> have the 'slocate' group assigned. Let me know if I'm missing anything.

Ah, that makes sense. In that case, yes, it would be ideal if slocate
could:
1. Read the system slocate database
2. Drop privileges irrevocably
3. Read the user-supplied database and continue
--
- mdz
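
The three steps proposed above, sketched in C as an added example; this is not slocate source and not code from the thread. The function names are hypothetical, and line counting stands in for real database parsing.

```c
/* Added illustration, not slocate source. All names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 2: permanently give up the setgid group. Returns 0 on success. */
int drop_setgid_irrevocably(void)
{
    gid_t rgid = getgid();        /* invoking user's group */
    gid_t old_egid = getegid();   /* e.g. 'slocate' when installed setgid */

    /* Setting the real GID through setregid() also overwrites the saved
     * set-group-ID, so no copy of the privileged group remains. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (getgid() != rgid || getegid() != rgid)
        return -1;
    /* Prove it: an unprivileged process must fail to switch back.
     * (root holds CAP_SETGID on Linux and can always change groups.) */
    if (old_egid != rgid && geteuid() != 0 && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Stand-in for database parsing: counts lines in an open stream. */
static long count_lines(FILE *f)
{
    long n = 0;
    int c;
    while ((c = getc(f)) != EOF)
        if (c == '\n')
            n++;
    return n;
}

/* Steps 1-3 in order. Returns total lines read, or -1 on any failure. */
long search_databases(const char *system_db, const char *user_db)
{
    long total;
    FILE *f = fopen(system_db, "r");      /* step 1: still setgid */
    if (f == NULL)
        return -1;
    total = count_lines(f);
    fclose(f);
    if (drop_setgid_irrevocably() != 0)   /* step 2: fail closed */
        return -1;
    if (user_db != NULL) {                /* step 3: caller's rights only */
        if ((f = fopen(user_db, "r")) == NULL)
            return -1;
        total += count_lines(f);
        fclose(f);
    }
    return total;
}
```

The drop is checked twice: once by reading the IDs back and once by attempting to regain the old group, so a failed or partial drop stops the run before any user-supplied file is opened.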