find: Security Considerations for locate


11.4 Security Considerations for 'locate'
=========================================

11.4.1 Race Conditions
----------------------

It is fairly unusual for the output of 'locate' to be fed into another
command.  However, if this is done, it raises the same set of security
issues as the use of 'find ... -print': the consumer acts on a path name
some time after it was produced, and in the meantime the file system may
have changed under it.  The problems relating to whitespace and newlines
in file names can be resolved by using 'locate''s '-0' option, but this
still leaves the race condition problems associated with 'find ...
-print0'.  With 'locate' the window is wider than with 'find', because
the names come from a database built earlier by 'updatedb' rather than
from the file system at the time of the query, and 'locate' has no
equivalent of 'find ... -execdir' for acting on a file at the moment it
is examined.  There is no way to avoid these problems in the case of
'locate'.
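   The following script is an added example, not part of findutils,
showing the race described above.  A NUL-separated snapshot taken with
'find -print0' stands in for the database that 'locate -0' would read,
and 'xargs -0' stands in for whatever consumes that output; the
directory names and file contents are constructed for the demonstration
and everything happens in a throw-away directory.

```sh
#!/bin/sh
# Added example (not findutils code).  A 'find -print0' snapshot plays the
# part of the locate database; 'xargs -0 rm' plays the part of a command
# fed with 'locate -0' output.  All paths are constructed test data.

# Returns 0 if the unrelated file victim/data.txt was deleted through the
# stale snapshot (the race was won), 1 if it survived.
locate_race_demo() {
    top=$(mktemp -d) || return 2
    mkdir -p "$top/victim" "$top/scratch/old"
    echo important > "$top/victim/data.txt"
    echo junk > "$top/scratch/old/data.txt"

    # 1. The "database": the names as they were when updatedb ran.
    find "$top/scratch" -type f -name data.txt -print0 > "$top/db"

    # 2. After the snapshot, an attacker who controls scratch/ replaces the
    #    directory with a symbolic link pointing somewhere else.
    rm -r "$top/scratch/old"
    ln -s "$top/victim" "$top/scratch/old"

    # 3. The consumer trusts the stale names.  -0 copes with odd bytes in
    #    the names, but scratch/old now resolves through the attacker's
    #    link, so the rm lands on victim/data.txt.
    xargs -0 rm -f < "$top/db"

    if [ -e "$top/victim/data.txt" ]; then
        rm -rf "$top"
        return 1
    fi
    rm -rf "$top"
    return 0
}

locate_race_demo && echo "race won: victim/data.txt was removed"
```

The same swap works against 'find ... -print0 | xargs -0'; the
difference is that 'find' can be told to act with '-execdir' while it
still holds the directory open, whereas 'locate' can only hand out names
that were recorded some time ago.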
1 
11.4.2 Long File Name Bugs with Old-Format Databases
----------------------------------------------------

Old versions of 'locate' have a bug in the way that old-format databases
are read.  This bug affects the following versions of 'locate':

  1. All releases prior to 4.2.31
  2. All 4.3.x releases prior to 4.3.7 (that is, 4.3.0 to 4.3.6)

   The affected versions of 'locate' read file names into a fixed-length
1026 byte buffer, allocated on the heap.  This buffer is not extended if
a file name is too long to fit into it, and no range checking on the
length of the file name is performed, so a longer name overwrites
whatever follows the buffer on the heap.  This could in theory lead to a
privilege escalation attack.
1 
   On systems using the old database format and affected versions of
'locate', carefully-chosen long file names could in theory allow
malicious users to run code of their choice as any user invoking
'locate'.

   If remote users can choose the names of files stored on your system
(for example, through an upload or file-sharing service), and these
files are indexed by 'updatedb', this may be a remote security
vulnerability.  Findutils version 4.2.31 and findutils version 4.3.7
include fixes for this problem.  The 'updatedb', 'bigram' and 'code'
programs do not appear to be affected.
1 
   If you are also using GNU coreutils, you can use the following
command to determine the length in bytes of the longest path name on a
given system, which you can then compare against the 1026-byte buffer
size:

     find / -print0 | tr -c '\0' 'x' | tr '\0' '\n' | wc -L

The first 'tr' replaces every byte other than NUL (including any
newlines embedded in file names) with 'x', the second turns the NUL
terminators into line breaks, and 'wc -L' reports the length of the
longest line.
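   As an added example (not part of findutils), the following script
wraps that pipeline in a function, adds a pass/fail check against the
buffer size, and exercises it on a constructed tree that contains a
path longer than 1026 bytes and a file name with an embedded newline,
which is the case the 'tr -c' step exists for.  It assumes GNU
coreutils ('tr -c', 'wc -L', 'seq', 'mktemp') and a file system that
allows paths of around 1300 bytes.

```sh
#!/bin/sh
# Added example, not findutils code.  Needs GNU coreutils (tr -c, wc -L).

# Print the length in bytes of the longest path name under $1.  Every
# non-NUL byte is turned into 'x' first so that newlines inside a file
# name cannot split it into two shorter "lines".
longest_path_len() {
    find "$1" -print0 | tr -c '\0' 'x' | tr '\0' '\n' | wc -L | tr -d ' '
}

# Exit 0 if every path under $1 fits the old fixed buffer (1026 bytes
# including the terminating NUL, so at most 1025 bytes of name), else 1.
fits_old_locate_buffer() {
    [ "$(longest_path_len "$1")" -le 1025 ]
}

# Build a throw-away tree (constructed test data) and print its root:
# six nested 199-byte directory names give a path well over 1026 bytes,
# plus one file whose name contains a newline.
make_long_tree() {
    top=$(mktemp -d) || return 1
    comp=$(printf 'd%.0s' $(seq 1 199))
    deep="$top"
    for level in 1 2 3 4 5 6; do
        deep="$deep/$comp"
    done
    mkdir -p "$deep"
    : > "$top/with
newline"
    printf '%s\n' "$top"
}

root=$(make_long_tree)
echo "longest path under $root: $(longest_path_len "$root") bytes"
if fits_old_locate_buffer "$root"; then
    echo "all names fit the 1026-byte buffer"
else
    echo "at least one name would overflow the 1026-byte buffer"
fi
rm -rf "$root"
```

On a real system run the function against '/' (or against whatever
'updatedb' is configured to index), since the buffer holds the full path
name, not just the final component.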
1 
   Although this problem is significant, the old database format is not
the default ('updatedb' produces it only when given the '--old-format'
option), and use of the old database format is not common.  Most
installations and most users will not be affected by this problem.
