Re: Dumping COMPLETE slocate (updatedb) database?

From: Alexander Skwar (alexander_at_skwar.name)
Date: 07/11/05 

Date: Mon, 11 Jul 2005 23:44:27 +0200

· Dave Gibson <dave+news001@gibson-hrd.abelgratis.co.uk.invalid>:

> Alexander Skwar <alexander@skwar.name> wrote:
>> · Dave Gibson <dave+news001@gibson-hrd.abelgratis.co.uk.invalid>:
>>
>>> Alexander Skwar <alexander@skwar.name> wrote:
>>>> Hello.
>>>>
>>>> Because I've lost some filesystems recently, I'd like to find out,
>>>> what I've *exactly* lost. To do that, I'd like to read and *print*
>>>> (on screen) the /complete/ slocate/updatedb database from
>>>> /var/lib/slocate/slocate.db.
>>>>
>>>> But when I "locate" something, the result is only printed if the
>>>> file actually right now exists.
>>>
>>> As root, search with the security level set to zero:
>>>
>>> # locate -l 0
>>
>> Nope, doesn't help. With "-l 1" (default) only those files are
>> printed, that the user has access to and which exist. With -l 0,
>> the first part of the check is skipped.
>
> This was a misunderstanding on my part -- the security level setting
> only has an effect when building or updating the database.

No. Wrong again :) It has effect when reading as well.

> You should be able to dump the entire database by doing this as root:
>
> # slocate '*'

No, you're not able to dump the entire database. With the unpatched
slocate, you just cannot do that.

slocate only prints a result, if the current user has access to the
found file. No user (not even root) has access to non existing files.

Alexander Skwar 

-- 
Comedy, like Medicine, was never meant to be practiced by the general public.

Relevant Pages

  • [UNIX] slocate Buffer Overflow (-i, -d, Exploit)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Mr. Hornik has discovered buffer overflow vulnerability in slocate version ... Program slocate works on user supplied database with setgid to slocate ... Then on line main.c:1275 the last byte of memory block header ...
    (Securiteam)
  • Re: Slocate - what is happening?
    ... > Still fantastic but I have a weird problem with slocate that was not ther ... When I go to create the database with updatedb the system ... I suspect that the answer is simpler than reinstalling and wonder ...
    (alt.os.linux.redhat)
  • Re: using find command to search in current directory only
    ... look at how GNU locate (not slocate) works. ... >> updatedb as, same for the solution given above. ... permissions to the database, or regular users couldn't access it. ... My code in this post is copyright 2004, Chris F.A. Johnson and may be copied under the terms of the GNU General Public License ...
    (comp.unix.shell)
  • SA-20031006 slocate vulnerability
    ... Mr. Hornik has discovered buffer overflow vulnerability in slocate ... Program slocate works on user supplied database with setgid to slocate ... This security advisory: ...
    (Bugtraq)
  • Re: SuSE 10 and locate command
    ... > This will build your database, ... > at night to update thd database every so often. ... > been added by slocate -a. ... You are about to enter another dimension, ...
    (alt.os.linux.suse)