Package: quick-reference-en
Version: 1.09-3
Severity: normal

3.4.1 suggests to use slocate, but in fact slocate is not a "more
secure locate" but a "more functional locate".  It indexes all files,
instead of just files visible to user "nobody" (well, everybody), and
then only displays them if the invoking user actually has permission
to see them (output may different for distinct users).  Please either
drop the slocate reference, or elaborate so as to not imply that it is
"more secure".  If anything, it is less secure, since it runs suid
locate, and an error could cause it to disclose existence of files
when it should not.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to