Date: Mon, 1 Apr 1996 11:17:59 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: mpp@freefall.freebsd.org (Mike Pritchard) Cc: freebsd-hackers@freefall.freebsd.org Subject: Re: locate Message-ID: <199604011817.LAA13834@phaeton.artisoft.com> In-Reply-To: <199604010600.WAA01868@freefall.freebsd.org> from "Mike Pritchard" at Mar 31, 96 10:00:10 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Locate would then have to be updated to stat each match it > finds first before printing it, but I think for most typical > locate runs, the performance penalty would be negligble. > I know that my typical locate runs usually come up with less than > a pageful of matches, and stat'ing each one of those is much > better than my running "find / -name xyzzy -print". This also > provides the benefit is not listing files which have been removed > from the system since the database was updated. I assume locate itself would be suid or sgid to make the database files not world-readable? Otherwise, you can still find files you aren't supposed to be able to, and it's still a security hole. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604011817.LAA13834>