|
|
Subscribe / Log in / New account

What goes into default Debian?

What goes into default Debian?

Posted Feb 18, 2021 10:05 UTC (Thu) by pabs (subscriber, #43278)
In reply to: What goes into default Debian? by Sesse
Parent article: What goes into default Debian?

I wonder if you could using timing information to figure out if specific paths exist.


to post comments

What goes into default Debian?

Posted Feb 18, 2021 12:27 UTC (Thu) by niner (subscriber, #26151) [Link] (7 responses)

If your filenames are that sensitive, then you should set permissions accordingly. If that means updatedb can't index your files, then that's a good thing.

What goes into default Debian?

Posted Feb 18, 2021 13:03 UTC (Thu) by eehakkin (subscriber, #92008) [Link] (6 responses)

If your filenames are that sensitive, then you should set permissions accordingly. If that means updatedb can't index your files, then that's a good thing.
That is not possible. In the case of mlocate and plocate, updatedb runs as root so that it can index all files. It is not possible to set permissions so that the root user would not be able to see and index them.

What goes into default Debian?

Posted Feb 18, 2021 14:25 UTC (Thu) by Sesse (subscriber, #53779) [Link] (5 responses)

You can set anything so sensitive in PRUNEPATHS.

What goes into default Debian?

Posted Feb 18, 2021 21:35 UTC (Thu) by mathstuf (subscriber, #69389) [Link] (4 responses)

Is that a system setting that only the administrator can set or can users add paths to it somehow?

What goes into default Debian?

Posted Feb 19, 2021 5:55 UTC (Fri) by flussence (guest, #85566) [Link] (3 responses)

The default for mlocate's PRUNENAMES contains "CVS", so just invent a clever backronym for that and put your sensitive files in a directory named such. If that's still not sufficient then you have someone with root access limiting themselves to making malicious edits to updatedb.conf, which is a bizarre threat model to care about.

What goes into default Debian?

Posted Feb 19, 2021 14:16 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (2 responses)

My question was a response to:

> You can set anything so sensitive in PRUNEPATHS.

I was asking if the "You" here needs root privileges to do that. I think anyone worrying about root should know that they should encrypt any files they wish to hide from them (assuming root isn't actively spying on in-use memory). I'm more thinking about someone writing code that ignored permission checks (say, a custom patched build of `locate`) when querying the database (I'm not sure if that is done on the `locate` side or somehow embedded into the database itself).

What goes into default Debian?

Posted Feb 19, 2021 16:52 UTC (Fri) by Sesse (subscriber, #53779) [Link] (1 responses)

You can custom-build your own locate without the access checks, but it needs to be installed sgid to get access to the locate database, so it wouldn't help you.

What goes into default Debian?

Posted Feb 19, 2021 22:53 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Ah, that sounds reasonable enough. Thanks.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds