Joey Hess writes ("Re: Opinions sought: mlocate appropriate for Priority:
standard?"):
> Given the security history of slocate, and since mlocate has a similar
> design from a security POV, it would be good to get a thurough audit of
> mlocate, perhaps trying some of the same holes. At least it doesn't seem
> to be vulnerable to the attack described in CVE-2007-0227.
I think setgid is entirely the wrong approach here. And these kind of
vulnerabilities are an inevitable consequence.
Ian.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
