Date: Sun, 10 Feb 2002 02:20:02 -0800 (PST)
Message-Id: <200202101020.g1AAK2l64767@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Mike Makonnen
Subject: Re: conf/34780: locate(1)'s database is generated with root permissions

The following reply was made to PR conf/34780; it has been noted by GNATS.

From: Mike Makonnen
To: "f. johan beisser"
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: conf/34780: locate(1)'s database is generated with root permissions
Date: Sun, 10 Feb 2002 02:17:25 -0800

On Sat, 2002-02-09 at 18:29, f. johan beisser wrote:
> the locate(1) database is generated with root permissions. this allows
> any user to find the existence of any other user's files through the
> locate(1) command.
> this means doing a search for any user's login, you can get a list of
> all of the files in their home directory, no matter what permissions
> the file has.

Yes, it is called by root, but the script su's to user nobody before updating the database.

cheers,
mike makonnen