
Re: Secure Locate (findutils?)



[Cc'd to debian-devel and the findutils maintainer]

In debian-devel, brianr@osiris.ml.org wrote:
>Anyone give any thought to packaging Secure Locate 1.2?

Yeah, I posted an intent to package about the same time you posted this.
BTW, at least version 1.3 is out now.

>Is there any way to
>package this without it conflicting with the standard locate provided in
>findutils?

It has to seamlessly replace both updatedb and locate. Then you can use
dpkg's diversion features to properly shove them out of the way.

Unfortunately it seamlessly replaces neither yet, and since dpkg isn't yet
supposed to be able to properly divert configuration files, I can't touch
/etc/updatedb.conf or /etc/cron.daily/find (even to make sure they don't run
- who would want two locate databases?). So the only thing left for me to
muck with is the updatedb script itself.

I have contacted the upstream author and he's working to make slocate
compatible with locate, however the updatedb end needs quite a bit of
work. (slocate currently uses the same binary for indexing and searching!)
updatedb is a good chunk of functionality to replace, considering it's a
shell script.

>This seems like a much better way to enhance privacy without running
>updatedb as nobody and thus making users unable to 'locate' files in their
>own private directories.

I concur :)

>I'd do this myself, but I haven't been accepted as a maintainer yet,
>findutils is part of the required base install which I'd rather not be
>responsible for breaking, and slocate might require some special permissions
>which could decrease security in ways I haven't fully explored yet.

It wants to be setgid slocate so it can read the slocate db. If a user can
exploit slocate they get to read the database. The database is actually
owned by root, and I'll need to make sure the directory it's in is as well.

I made a suggestion to the upstream author about storing the databases in
separate files, owned by whoever should be able to read them (yeah, one for
each uid), so nothing would have to be set[ug]id. He never commented on it.
-- 
Robert Woodcock - rcw@debian.org
"Unix and C are the ultimate computer viruses" -- Richard Gabriel
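An added illustration of the per-uid database scheme Robert suggests above (one database per uid, owned by that uid, so the search tool needs no set[ug]id bit). This is example code written for this page, not code from the thread, from findutils or from slocate. The sample file tree, the uids and the access rule are constructed assumptions: the rule models only the owner and "other" permission bits (group permissions are ignored) and requires every ancestor directory to be searchable, which is enough to show why a file in a 0700 home directory never lands in another user's database.

```python
import fnmatch
import os
import posixpath
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    """One filesystem object as the indexer would see it (constructed, not a real scan)."""
    path: str
    uid: int      # owner
    mode: int     # permission bits
    is_dir: bool


# Constructed sample tree; uids 1000 (alice) and 1001 (bob) are assumptions.
SAMPLE_TREE = [
    Entry("/", 0, 0o755, True),
    Entry("/etc", 0, 0o755, True),
    Entry("/etc/passwd", 0, 0o644, False),
    Entry("/etc/shadow", 0, 0o600, False),
    Entry("/home", 0, 0o755, True),
    Entry("/home/alice", 1000, 0o700, True),
    Entry("/home/alice/notes.txt", 1000, 0o644, False),
    Entry("/home/bob", 1001, 0o755, True),
    Entry("/home/bob/public.txt", 1001, 0o644, False),
    Entry("/home/bob/secret.txt", 1001, 0o600, False),
]


def _may_access(entry, uid):
    """Simplified Unix check: owner bits if uid owns the object, else 'other' bits.
    Directories need the search (x) bit, files the read (r) bit. Root sees all."""
    if uid == 0:
        return True
    if entry.is_dir:
        bit = stat.S_IXUSR if entry.uid == uid else stat.S_IXOTH
    else:
        bit = stat.S_IRUSR if entry.uid == uid else stat.S_IROTH
    return bool(entry.mode & bit)


def _visible(entry, index, uid):
    """The object itself must be accessible and every ancestor directory searchable."""
    if not _may_access(entry, uid):
        return False
    parent = posixpath.dirname(entry.path)
    while True:
        if not _may_access(index[parent], uid):
            return False
        if parent == "/":
            return True
        parent = posixpath.dirname(parent)


def build_per_uid_databases(entries, uids):
    """Run once by the indexer (as root): one sorted path list per uid,
    containing only what that uid could reach on its own."""
    index = {e.path: e for e in entries}
    return {uid: sorted(e.path for e in entries if _visible(e, index, uid))
            for uid in uids}


def write_databases(databases, directory):
    """Persist each database as db.<uid>, mode 0600. A real indexer running as
    root would also chown each file to its uid; that step is omitted here."""
    written = {}
    for uid, paths in databases.items():
        target = os.path.join(directory, f"db.{uid}")
        with open(target, "w") as fh:
            fh.write("\n".join(paths) + "\n")
        os.chmod(target, 0o600)
        written[uid] = target
    return written


def locate(databases, uid, pattern):
    """The unprivileged query side: consult only the caller's own database."""
    return [p for p in databases.get(uid, []) if fnmatch.fnmatch(p, pattern)]


if __name__ == "__main__":
    dbs = build_per_uid_databases(SAMPLE_TREE, [0, 1000, 1001])
    for uid in (0, 1000, 1001):
        print(uid, locate(dbs, uid, "*.txt"), locate(dbs, uid, "/etc/*"))
```

The privacy property comes from the split itself: the query tool opens only the caller's own file, so an exploitable bug in it exposes nothing beyond what the caller could already read, which is the risk the setgid design carries. The cost, as noted above, is that the indexer must compute visibility for every uid rather than once.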

