On 9/30/24 19:36, Jamie Landeg-Jones wrote:
> Kyle Evans <kev...@freebsd.org> wrote:
>
>> It might be that the better long-term approach is to teach updatedb.sh
>> how to drop privileges and push that out of the periodic script to avoid
>> surprises like this from the different execution environments.  This
>> /feels/ like the kind of thing we could take an opinionated stance on,
>> maybe providing an escape hatch of some sort if someone really wants to
>> complain that they can't document all filenames on the system.
>
> This is how it already works. It calls locate.updatedb as "nobody", so
> only files readable by "nobody" are indexed:
>
>      echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3

Yes, my proposal is that it stops doing that and we teach updatedb to handle the priv-dropping instead, so that you get the same behavior no matter how you execute it.

Thanks,

Kyle Evans
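
The self-dropping behaviour proposed above, as an added example (not code from this thread or from FreeBSD's locate.updatedb): the script checks its own uid and, when root, hands the work to an unprivileged account with the same `su -fm` flags, so the result is the same from periodic or from a root shell. `run_unprivileged`, `SU_CMD` and `UNPRIV_USER` are hypothetical names.

```shell
#!/bin/sh
# Added example (hypothetical sketch, not FreeBSD's locate.updatedb).
# Assumed names: UNPRIV_USER, SU_CMD, run_unprivileged.

UNPRIV_USER="${UNPRIV_USER:-nobody}"
SU_CMD="${SU_CMD:-su}"   # overridable so the root branch can be exercised without root

# run_unprivileged UID COMMAND
#   UID      effective uid of the caller (normally "$(id -u)")
#   COMMAND  command string to run without root privileges
run_unprivileged() {
    uid="$1"
    cmd="$2"

    if [ "$uid" -ne 0 ]; then
        # Already unprivileged (manual run by a user): nothing to drop.
        sh -c "$cmd"
        return $?
    fi

    # Running as root (periodic or a root shell): hand the work to the
    # unprivileged account with the su flags the periodic script uses.
    # cd / first so the work does not start in a directory the target
    # user cannot read.
    if ! ( cd / && "$SU_CMD" -fm "$UNPRIV_USER" -c "$cmd" ); then
        # Fail closed: never fall back to running the command as root.
        echo "command did not complete as $UNPRIV_USER; not retrying as root" >&2
        return 3
    fi
}

# Typical call from the top of a script (commented out so that sourcing
# this file has no side effects):
# run_unprivileged "$(id -u)" "/usr/libexec/locate.updatedb"
```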
