[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
feature(?) in locate
From: |
Andrew Comech |
Subject: |
feature(?) in locate |
Date: |
Wed, 29 Nov 2000 22:52:56 -0500 |
Hi,
I was wondering whether the following is a bug or feature of locate:
========================================================
Port:~$ ls /root
ls: /root: Permission denied
Port:~$ find /root -name *.* -print
find: /root: Permission denied
Port:~$ locate /root
/root
/root/.bashrc
/root/.bash_history
...
/root/user_peter_passwd_is_3cows7legs
/root/my-boss-is-asshole.txt
========================================================
Formally, this seems to be a security violation, although I have no
idea how this could be exploited.
(To patch it, perhaps one might change `locate' so that when the user
calls it, it would match the filenames from its database against the
directories' permissions, before printing the names to the user... this
would require some work, because one might then call locate with strace..
I just do not have a slightest idea about all this.)
As to features, I was wondering whether you might want to include
"--ignore-case" option, as in grep.
Thank you very much for your work!
Andrew
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- feature(?) in locate,
Andrew Comech <=