Curious. This problem doesn't happen for me with version 2.7. As root # cd /root # mkdir dir # chmod 711 dir # cd dir # touch hiddenfile # cd .. # /usr/bin/slocate -c -u As an ordinary user $ ls -l /root/dir /usr/bin/ls: /root/dir: Permission denied $ slocate hiddenfile $ slocate -V Secure Locate 2.7 - Released January 24, 2003 $ Just to check the file really is there $ ls -l /root/dir/hiddenfile -rw-r--r-- 1 root root 0 Jan 10 18:14 /root/dir/hiddenfile $ But as root # slocate hiddenfile /root/dir/hiddenfile # ----- Original Message ----- From: steven@xxxxxxxxxxxxxxxx <steven@xxxxxxxxxxxxxxxx> Sent: 10/01/2007 01:29:35 Subject: slocate leaks filenames of protected directories > * Version tested: 3.1 > > * Problem description: slocate doesn't check readability bit of containing > directory. It can divulge the existence of files in a directory that is > unreadable (e.g. by the 'ls' command) by a user. > > * Demonstration: > > As user1: > > $ cd /tmp > $ mkdir dir > $ chmod 711 dir > $ cd dir > $ touch "a-secret-file" > $ cd .. > > $ updatedb -o db -U dir > > As user2: > > $ cd /tmp > $ ls dir > ls: .: Permission denied > > But: > > $ slocate -d db file > dir/a-secret-file
