[701] in linux-security and linux-alert archive

Re: [linux-security] locate & updatedb

daemon@ATHENA.MIT.EDU (Zefram)
Sat May 4 12:31:02 1996

From: Zefram <A.Main@dcs.warwick.ac.uk>
To: gnu@toad.com (John Gilmore)
Date: Fri, 3 May 1996 15:31:07 +0100 (BST)
Cc: linux-security@tarsier.cv.nrao.edu, gnu@toad.com
In-Reply-To: <199605030613.XAA04003@toad.com> from "John Gilmore" at May 2, 96 11:13:41 pm

>I think a more durable solution would be to add a call to access() in
>the locate command.  Before returning any file name on stdout, locate
>would check that it is accessible to the user who's running locate.
>
>This not only allows a full root `find' in updatedb, but also has the
>nice side effect of eliminating files from locate's output if they have
>been deleted or made inaccessible since updatedb was run by cron.

That would require locate to be setuid, and would also slow it down.
The best solution is simply, as has been previously stated, to run
updatedb as an unprivileged user that owns no files.  Just accept the
limitations.  If you want something more up to date, use find.

-zefram
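
The access() filter proposed in the quoted text, as an added example that is not part of the original message or of any locate implementation. The scratch paths are constructed, and `filter_accessible` and `demo` are hypothetical names; note the one access() call per candidate name, which is the per-result cost the reply refers to.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Keep only the names access() accepts. access() tests with the REAL
 * uid/gid, so even in a setuid binary it answers for the invoking user.
 * F_OK fails if the file is gone or a parent directory is unsearchable. */
size_t filter_accessible(const char **names, size_t n, const char **out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (access(names[i], F_OK) == 0)
            out[kept++] = names[i];
    return kept;
}

static void touch(const char *p) { FILE *f = fopen(p, "w"); if (f) fclose(f); }

/* Constructed scenario standing in for a stale database: one live file,
 * one deleted after indexing, one under a directory since set to mode 0.
 * Returns the number of names printed, or (size_t)-1 on setup failure. */
size_t demo(void)
{
    char dir[64], live[96], gone[96], priv[96], secret[128];
    snprintf(dir, sizeof dir, "/tmp/locate-demo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)      /* atomic: fails if the name exists */
        return (size_t)-1;
    snprintf(live, sizeof live, "%s/live", dir);
    snprintf(gone, sizeof gone, "%s/gone", dir);
    snprintf(priv, sizeof priv, "%s/priv", dir);
    snprintf(secret, sizeof secret, "%s/secret", priv);
    touch(live); touch(gone);
    mkdir(priv, 0700); touch(secret);
    unlink(gone);                   /* deleted since "updatedb" ran */
    chmod(priv, 0);                 /* made inaccessible since then */

    const char *db[] = { live, gone, secret }, *out[3];
    size_t kept = filter_accessible(db, 3, out);
    for (size_t i = 0; i < kept; i++)
        puts(out[i]);

    chmod(priv, 0700); unlink(secret); rmdir(priv);
    unlink(live); rmdir(dir);
    return kept;
}

int main(void) { return demo() == (size_t)-1; }
```

Run as an ordinary user, only the `live` path is printed; a process that can override directory permissions (root) also sees the `secret` path.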