[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Status of updatedb
|
From: |
Dmitry V. Levin |
|
Subject: |
Re: Status of updatedb |
|
Date: |
Sun, 18 Dec 2005 03:19:34 +0300 |
On Sat, Dec 17, 2005 at 11:42:53PM +0000, James Youngman wrote:
> On Sun, Dec 18, 2005 at 01:36:52AM +0300, Dmitry V. Levin wrote:
>
> > You can have a look at my own slocate I wrote several years ago
> > (based on glibc's fts and GNU locate's frencode) which demonstrates
> > this approach:
> > ftp://ftp.altlinux.org/pub/people/ldv/slocate/slocate-0.2.8.tar.bz2
>
> Interesting. I like the code (well, except for lists.c). How did you
> come to write your own version rather than use the locate which forms
> part of GNU findutils or the other 'slocate' package?
First reason was security: the find part needs to be privileged, and I had
no other way to make it running non-root and still be able to traverse
a file hierarchy. Why I need to make it running non-root? Because
updatedb is subject for passive and active attacks.
Second reason was performance: the code based on glibc's fts + GNU locate's
frencode worked faster than GNU locate and much faster than other 'slocate'
package.
> I'm not asking 'what was wrong with GNU locate?'.
The architecture. As I said, with standard linux kernel find cannot be
hardened without hacks, and multiprocess model also adds performance penalty.
> It's more that I'm
> asking why you didn't use the other slocate.
Other slocate is crap. It is even less secure than GNU locate which
contains no "s" in the name. :)
> One more wheel and we'll have enough for a car :)
Indeed! :)
--
ldv
pgpH8MJIPEg2C.pgp
Description: PGP signature