Tomáš Chvátal wrote:
Dne Út 18. června 2013 08:50:42, Ludwig Nussel napsal(a):
What's the background of that requirement?
Because the security didn't review the sgid bit on the mlocate for 2 years. The alternative is this.
See the only mlocate bug in bugzie about it.
That is not an explanation. I had to read the source to understand what mlocate uses the setgid bit for. It's an interesting approach but bears the risk of information leaks or worse (set[ug]id is always fishy). Bonus points for not being installed by default aside safe defaults for such a tool would be to run the indexer unprivileged to be absolutely sure the DB only ever contains files that are world readable anyways. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org