feature(?) in locate

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

feature(?) in locate

From:	Andrew Comech
Subject:	feature(?) in locate
Date:	Wed, 29 Nov 2000 22:52:56 -0500

Hi,
I was wondering whether the following is a bug or feature of locate:
========================================================
Port:~$ ls /root
ls: /root: Permission denied
Port:~$ find /root -name *.* -print
find: /root: Permission denied
Port:~$ locate /root
/root
/root/.bashrc
/root/.bash_history
...
/root/user_peter_passwd_is_3cows7legs
/root/my-boss-is-asshole.txt
========================================================
Formally, this seems to be a security violation, although I have no 
idea how this could be exploited. 
(To patch it, perhaps one might change `locate' so that when the user 
calls it, it would match the filenames from its database against the 
directories' permissions, before printing the names to the user... this 
would require some work, because one might then call locate with strace..
I just do not have a slightest idea about all this.)

As to features, I was wondering whether you might want to include 
"--ignore-case" option, as in grep.

Thank you very much for your work!

Andrew

[Prev in Thread]

Current Thread

[Next in Thread]

feature(?) in locate, Andrew Comech <=

Prev by Date: Bug in gas
Next by Date: man 1.5f and cat files
Previous by thread: Bug in gas
Next by thread: man 1.5f and cat files
Index(es):
- Date
- Thread