Tomáš Chvátal wrote:
On Tue, 18 June 2013 08:50:42, Ludwig Nussel wrote:
What's the background of that requirement?
Because the security didn't review the sgid bit on the mlocate for 2 years. The alternative is this.
---- Um... security did this?
Before, with the sgid bit set, no one could read the values in the mlocatedb. Now anyone who is in the group locate (which is anyone who wants to use locate) can read that file.
The purpose of mlocate was to provide privacy that other users wouldn't be able to use to list the filenames.
It seems like removing the sgid bit removes that feature -- which is the main reason for using mlocate.
If mlocate is shipping without the sgid bit, then I don't see any reason why it should replace findutils-locate. What does it offer? On the downside -- everyone has to be in group locate now to retain functionality.