On Tue, Apr 25, 2000 at 02:55:03PM -0400, David Teague wrote: [...]
> The locate command can only locate files that the user running
> updatedb can see. I find locate to be useful if you make it run with
> root priv. Some claim this is an invasion of privacy and a security
> hole. This is true on a multiuser system where you cannot assure
> that users are all benign.
>
> That is why Debian's default is to run updatedb from /etc/cron.daily
> as the user nobody, making locate able to find only files that user
> nobody can see. Makes it very nearly a no op, and worth killing, as
> some suggest.

If you're going to do this -- and I would consider it a security hole --
hint: anyone cracking your box now can find what's in files -- I'd
recommend dumping the results to a root-owned file, readable only by
root, and writing a wrapper, script, or program to search it, separately
from the "locate" command.

--
Karsten M. Self <kmself@ix.netcom.com> http:/www.netcom.com/~kmself
What part of "Gestalt" don't you understand?
http://gestalt-system.sourceforge.net/
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0
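One way to do what the message above recommends, as an added example that is not part of the original post: the index is written to a file that only its owner can read, and a separate search function refuses to use it if the permissions have been loosened. It uses `find` and `grep` in place of updatedb and locate so that it is self-contained; the function names and any paths passed to them are hypothetical.

```shell
#!/bin/sh
# Added example: private file index plus a search wrapper.
# Function names are hypothetical; run both as the privileged user
# (for the case in the message, root).

# build_private_index ROOT_DIR DB_FILE
# Write one path per line for everything under ROOT_DIR into DB_FILE.
build_private_index() {
    root_dir=$1
    db=$2
    (
        umask 077                               # no group/other bits on new files
        tmp=$(mktemp "${db}.XXXXXX") || exit 1  # same directory, so mv is atomic
        # Unreadable directories are skipped; the index holds what this user can see.
        find "$root_dir" -xdev -print 2>/dev/null > "$tmp"
        chmod 600 "$tmp" && mv -f "$tmp" "$db"
    )
}

# db_is_private DB_FILE
# True only for a regular file (not a symlink), mode exactly 0600,
# owned by the user running the check.
db_is_private() {
    [ -n "$(find "$1" -prune -type f -perm 600 -user "$(id -u)" 2>/dev/null)" ]
}

# search_private_index DB_FILE PATTERN
# Fixed-string search of the index; refuses a database that other users could read.
search_private_index() {
    db=$1
    pattern=$2
    if ! db_is_private "$db"; then
        echo "refusing: $db must be a regular file, mode 0600, owned by the caller" >&2
        return 2
    fi
    grep -F -- "$pattern" "$db"
}
```

Keep the index outside the tree being indexed and in a directory that other users cannot write to, otherwise the permission check on the file alone says little.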