Linda Walsh wrote:
Tomáš Chvátal wrote:
Dne Út 18. června 2013 08:50:42, Ludwig Nussel napsal(a):
What's the background of that requirement?
Because the security didn't review the sgid bit on the mlocate for 2 years. The alternative is this.
Um... security did this? Before, with the sgid bit set, no one could read the
values in the mlocatedb. Now anyone who is in the group locate (which is anyone who wants to use locate), can read that file.
---- Given that security decided to ship mlocate without the security bit,
wouldn't it be more practical to ensure that it's database is generated with the "--require-visibility no" option and have locate set to normal 755 permissions and the db file set to 644.
That would give the benefit of compatibility with locate and no false impression of security. It seems to give a speed up in small cases, but a slowdown on larger ones (locate /|wc -l) took about 150% longer (2.5x), but a single file was about 50% faster (.5x).