Joey Hess writes ("Re: Opinions sought: mlocate appropriate for Priority: standard?"):
> Given the security history of slocate, and since mlocate has a similar
> design from a security POV, it would be good to get a thorough audit of
> mlocate, perhaps trying some of the same holes. At least it doesn't seem
> to be vulnerable to the attack described in CVE-2007-0227.

I think setgid is entirely the wrong approach here. And these kinds of vulnerabilities are an inevitable consequence.

Ian.