Re: Security: non-root users may have access to the slocate database

To: debian-user@lists.debian.org
Subject: Re: Security: non-root users may have access to the slocate database
From: Sam Watkins <swatkins@fastmail.fm>
Date: Wed, 8 Dec 2004 00:57:30 +1100
Message-id: <[🔎] 20041207135730.GB2509@jam.samwatkins.homeunix.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20041207092203.GX3020@ay.vinc17.org>
References: <[🔎] 20041207092203.GX3020@ay.vinc17.org>

On Tue, Dec 07, 2004 at 10:22:03AM +0100, Vincent Lefevre wrote:
> Any comment on bug 282355?
> 
>   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=282355
> 
> Some non-root users may have access to the slocate database, hence
> to filenames that are normally accessible only by root. Isn't that
> a security hole?

I agree it is as a security hole, certainly more serious than "wishlist".
I'm not sure which package, nis or slocate, was responsible.

Can you tell us steps to reproduce the bug?  If you can give instructions on
how to reproduce it, I'll try to work out how to fix it.

Sam

Reply to:

Follow-Ups:
- Re: Security: non-root users may have access to the slocate database
  - From: Vincent Lefevre <vincent@vinc17.org>

References:
- Security: non-root users may have access to the slocate database
  - From: Vincent Lefevre <vincent@vinc17.org>

Prev by Date: Gnome, screenshots
Next by Date: Re: Gnome, screenshots
Previous by thread: Security: non-root users may have access to the slocate database
Next by thread: Re: Security: non-root users may have access to the slocate database
Index(es):
- Date
- Thread