Bug 62938 - rpm -qa works for non root user
rpm -qa works for non root user
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: rpm (Show other bugs)
7.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-04-08 00:36 EDT by Need Real Name
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-04-08 00:36:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2002-04-08 00:36:53 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)

Description of problem:
upgrade to RPM version 4.0.4 now allows non root user to perform an rpm -qa

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
user@localhost
0 ~ $ id
uid=500(user) gid=500(user) groups=500(user)

user@localhost
0 ~ $ which rpm
/bin/rpm

user@localhost
0 ~ $ ls -al /bin/rpm
-rwxr-xr-x    1 rpm      rpm       1737960 Feb 16 02:31 /bin/rpm
user@localhost

1 ~ $ rpm -v
RPM version 4.0.4
Copyright (C) 1998-2000 - Red Hat, Inc.
This program may be freely redistributed under the terms of the GNU GPL

Usage: rpm {--help}
       rpm {--version}

user@localhost
0 ~ $ rpm -qa
filesystem-2.1.6-2
bzip2-libs-1.0.1-4
cracklib-2.7-12
db2-2.4.14-7
gdbm-1.8.0-10
hdparm-4.1-2
mktemp-1.5-11
parted-1.4.16-8
<etc...>

Actual Results:  installed rpm list is returned.

Expected Results:  error: cannot open Packages index using db3 - Permission 
denied (13)
 (or equivalent)

Additional info:
Comment 1 Jeff Johnson 2002-04-08 14:40:21 EDT
rpm has always permitted non-root readonly database
opens with rpm -qa.

If you *really* want to prohibit non-root queries,
then do
	chmod go-r /var/lib/rpm/*

Note You need to log in before you can comment on or make changes to this bug.