#5: Be careful with locate

When you need to find files on disk, locate is a nice tool: it indexes your hard drive and therefore finds files very quickly. But locate can also be a serious security threat to your system. One big problem is that updatedb (which builds the database for locate) is mostly run as root and thus indexes all files on your system, including confidential user data. As a result, unprivileged users can search for files they are normally not allowed to see. They can't read or modify the contents, but the names are visible, and in some cases that is already enough.

A simple solution could be to delete the default locate.db file at /var/lib/locate and remove the cron script which updates the database. Then each user can generate his own database with

updatedb -U ${HOME} -o ./mylocate.db

The other solution would be to replace locate with slocate, which also stores the file permissions and only shows those files the current user is allowed to see. Today slocate is installed by default on most Linux distributions. But note that by default all home directories have mode 755, so all users can see (but not modify) other users' files. Hence these files are also searchable with slocate. So don't forget to chmod go-rx all user directories which should not be browsable by others.

slocate also does one other great thing: it always checks the actual files before presenting the search results. Therefore you won't see any nonexistent files in your search results. This avoids confusing your users and may be good for security reasons, too. But of course slocate can only display files it has indexed, so files created after the last run of updatedb (which is normally run daily by your cron daemon) are not included in the search results. To solve this there's another locate implementation (extending slocate) called rlocate, which runs as a kernel module for 2.6.x and is therefore always up to date. Another locate implementation, which is about to replace slocate, is mlocate. The m stands for merge, because mlocate reuses the old database file and just merges new files into the existing database to avoid rescanning the complete file system.

So keep in mind that locate can endanger your system; better use slocate or mlocate, which are much safer. But due to their nature these aren't perfect in all respects either. First of all, they aren't always up to date, but the more crucial point is that they are SGID programs. So if you build hardened Linux systems, you might consider removing them.
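
An added example, not part of the original post: a small shell audit for the three exposures discussed above (a world-readable locate database, home directories that others can browse, and SGID locate binaries). It assumes GNU find; the function names and the binary directories searched are assumptions of this example, while the database path in the usage comment is the one named in the post.

```shell
#!/bin/sh
# Added example: audit the locate-related exposures described in this post.
# All paths are parameters; nothing is changed on disk, findings are printed.

# Print home directories under $1 that group or others can list or enter
# (any bit of 055 set), i.e. the ones "chmod go-rx" would tighten.
loose_home_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /055 2>/dev/null | sort
}

# Succeed if the locate database $1 exists and is readable by "others",
# which lets every local user search the names that root indexed.
db_world_readable() {
    [ -f "$1" ] && [ -n "$(find "$1" -maxdepth 0 -perm -004 2>/dev/null)" ]
}

# Print locate implementations in the given directories that carry the
# SGID bit, so they can be reviewed on hardened systems.
sgid_locate_bins() {
    find "$@" -maxdepth 1 -type f \
        \( -name locate -o -name slocate -o -name mlocate -o -name rlocate \) \
        -perm -2000 2>/dev/null | sort
}

# Run all three checks: $1 = base of the home directories, $2 = database.
audit_locate() {
    home_base=$1
    db=$2
    echo "Home directories readable or traversable by group/others:"
    loose_home_dirs "$home_base" | sed 's/^/  /'
    if db_world_readable "$db"; then
        echo "World-readable locate database: $db"
    fi
    echo "SGID locate binaries:"
    # /usr/bin and /usr/local/bin are assumed install locations.
    sgid_locate_bins /usr/bin /usr/local/bin | sed 's/^/  /'
}

# Run only when called with arguments, e.g.:
#   sh audit-locate.sh /home /var/lib/locate/locate.db
if [ "$#" -ge 2 ]; then
    audit_locate "$1" "$2"
fi
```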

Design and Code Copyright © 2010-2019 Janek Bevendorff. Content on this site is published under the terms of the GNU Free Documentation License (GFDL). You may redistribute content only in compliance with these terms.