On Mon, Mar 19, 2007 at 02:10:41AM -0400, Simo Sorce wrote: > On Fri, 2007-03-16 at 05:16 +0100, Miloslav Trmac wrote: > > Hi, > > I'm planning to add filesystem-local database support to mlocate. This > > allows: > > - running updatedb on a file server and making the database > > automatically available to clients without any client-side > > configuration > > - using locate on GFS volumes without running updatedb on each host that > > has the volume mounted (which slows the volumes down due to lock > > contention) > > [...] > > > Usage for /home on NFS: > > - NFS is automatically excluded by clients, so updatedb on clients > > does not walk the filesystem. > > - On the server: > > Add /srv/home to /etc/sysconfig/mlocate. If /srv/home is not a > > separate mount point, add LOCATE_PATH=:/srv/home/.mlocate/mlocate.db > > to the global environment. > > I am deeply concerned about the security implications of this idea. > You are basically making it possible for everyone to get access to the > complete remote FS layout ??? The remote mlocate.db can be exported as owned by root with 0600, and depending on root_squash or other factors the database will be remotely readable or not. Or placed differently: If the remote server allows root mounts, then reading the mlocate.db will only be possible, if the remote client can also traverse the real paths anyway (due to unsquashed root priviledges), so you're not giving more security sensitive information away than what's already possible. > > Can anyone see a problem with the plan, or an important feature that the > > above fails to address? > > Yes, security and privacy wise it is BAD BAAD BAAAD :-) It would need to elevate /usr/bin/locate from an sgid to an suid program. That's a risk that needs to be weighed, but other than that I don't see any further issues. Or is there something still? -- Axel.Thimm at ATrpms.net
Attachment:
pgpmCdvAnDcAL.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list