Tightening security on SunOS 4.0 'fastfind' (pa

Rene' Seindal mcvax!sleipner.diku.dk!seindal at uunet.uu.net
Sat Jan 14 14:47:40 AEST 1989


rwl at uvacs.cs.virginia.edu (Ray Lubinsky) writes:

> It's very much worth your while to run /usr/lib/find/updatedb nightly via
> cron, but the cautious administrator will want to prevent user directories
> from being added to the database.  Otherwise, even protected directories
> and their member file objects will be added to the database for all to
> see.

The following patch to find will only allow users to see the files to
which they have search permission.  Of course the database is still there,
readable and all, so people could read it directly.  If you are that
paranoid, make find setgid to daemon, and allow only group daemon access
to the database.  This wouldn't harm updatedb, since it is run as root.

Rene' Seindal (seindal at diku.dk).
__________

*** /tmp/,RCSt1a07350	Tue Jan 10 17:06:04 1989
--- /tmp/,RCSt2a07350	Tue Jan 10 17:06:06 1989
***************
*** 863,868 ****
--- 863,869 ----
  	char path[1024];
  	char bigram1[128], bigram2[128];
  	int found = NO;
+ 	struct stat statb;

  	if ( (fp = fopen ( FCODES, "r" )) == NULL ) {
  		fprintf ( stderr, "find: can't open %s\n", FCODES );
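Review bot: struct stat statb is declared here but the patch adds no #include, so it only compiles if the file already pulls in <sys/types.h> and <sys/stat.h>; worth confirming against the full source. The buffer is used only as a throwaway argument in the match branch, so a short comment saying its contents are ignored would help the next reader.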
***************
*** 898,904 ****
  				if ( *p == NULL ) {	/* success on fast match */
  					found = YES;
  					if ( globflag == NO || amatch ( path, pathpart ) )
! 						puts ( path );
  					break;
  				}
  			}
--- 899,906 ----
  				if ( *p == NULL ) {	/* success on fast match */
  					found = YES;
  					if ( globflag == NO || amatch ( path, pathpart ) )
! 						if (stat(path, &statb) == 0)
! 							puts ( path );
  					break;
  				}
  			}
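Review bot: the new stat(path, &statb) test in front of puts ( path ) is evaluated with the process's effective IDs, so it stops reflecting the caller's own permissions if find is installed setgid daemon as the message suggests: a path under a directory that grants search to group daemon would then be printed to users who cannot reach it themselves. In that setup access(path, F_OK), which checks with the real uid and gid, is the closer fit. Two smaller points: found = YES is still set when the stat fails, so a suppressed match counts as found, and braces around the nested if would make it explicit that the following break sits outside both conditions.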


