[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Filesystem-local databases in mlocate

On Mon, Mar 19, 2007 at 02:10:41AM -0400, Simo Sorce wrote:
> On Fri, 2007-03-16 at 05:16 +0100, Miloslav Trmac wrote:
> > Hi,
> > I'm planning to add filesystem-local database support to mlocate.  This
> > allows:
> > - running updatedb on a file server and making the database
> >   automatically available to clients without any client-side
> >   configuration
> > - using locate on GFS volumes without running updatedb on each host that
> >   has the volume mounted (which slows the volumes down due to lock
> >   contention)
> [...]
> > Usage for /home on NFS:
> > - NFS is automatically excluded by clients, so updatedb on clients
> >   does not walk the filesystem.
> > - On the server:
> >   Add /srv/home to /etc/sysconfig/mlocate.  If /srv/home is not a
> >   separate mount point, add LOCATE_PATH=:/srv/home/.mlocate/mlocate.db
> >   to the global environment.
> I am deeply concerned about the security implications of this idea.
> You are basically making it possible for everyone to get access to the
> complete remote FS layout ???

The remote mlocate.db can be exported as owned by root with 0600, and
depending on root_squash or other factors the database will be
remotely readable or not.

Or placed differently: If the remote server allows root mounts, then
reading the mlocate.db will only be possible, if the remote client can
also traverse the real paths anyway (due to unsquashed root
priviledges), so you're not giving more security sensitive information
away than what's already possible.

> > Can anyone see a problem with the plan, or an important feature that the
> > above fails to address?
> Yes, security and privacy wise it is BAD BAAD BAAAD :-)

It would need to elevate /usr/bin/locate from an sgid to an suid
program. That's a risk that needs to be weighed, but other than that I
don't see any further issues. Or is there something still?
Axel.Thimm at ATrpms.net

Attachment: pgps2I2NVkKMZ.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]