Tomáš Chvátal wrote:
On Tue, 18 June 2013 08:50:42, Ludwig Nussel wrote:
What's the background of that requirement?
Because the security didn't review the sgid bit on the mlocate for 2 years. The alternative is this.
See the only mlocate bug in bugzie about it.
That is not an explanation. I had to read the source to understand what mlocate uses the setgid bit for. It's an interesting approach but bears the risk of information leaks or worse (set[ug]id is always fishy). Bonus points for not being installed by default aside, safe defaults for such a tool would be to run the indexer unprivileged to be absolutely sure the DB only ever contains files that are world readable anyways.
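The following sketch is an added example, not part of the thread and not mlocate's code. It models which path names an indexer running without privileges could record, judged only by the "other" permission bits. It assumes the indexer's account owns nothing and is in no relevant group, ignores ACLs and the ancestors of the root, and all function and file names are hypothetical.

```python
import os
import stat
import tempfile


def world_listable(st):
    """A directory's entries are visible to any user only with o+r and o+x."""
    return stat.S_ISDIR(st.st_mode) and (st.st_mode & 0o005) == 0o005


def index_world_visible(root):
    """Return the paths under root whose names any local user could enumerate."""
    found = []
    stack = [root]
    while stack:
        directory = stack.pop()
        if not world_listable(os.lstat(directory)):
            continue  # names inside are not world-visible, so keep them out
        for entry in os.listdir(directory):
            path = os.path.join(directory, entry)
            found.append(path)
            # lstat: symlinks are recorded by name but never followed
            if stat.S_ISDIR(os.lstat(path).st_mode):
                stack.append(path)
    return sorted(found)


def build_sample_tree():
    """Constructed sample: one world-readable directory, one mode-0700 directory."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    for name, mode, filename in (("pub", 0o755, "readme.txt"),
                                 ("private", 0o700, "secret-project.txt")):
        directory = os.path.join(root, name)
        os.mkdir(directory)
        with open(os.path.join(directory, filename), "w") as handle:
            handle.write("sample\n")
        os.chmod(directory, mode)  # explicit chmod, independent of the umask
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for path in index_world_visible(sample_root):
        print(os.path.relpath(path, sample_root))
```

The name of the mode-0700 directory is listed because its parent is world-listable, but nothing inside it reaches the index, so the resulting database needs no setgid helper to guard it.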