Luis de Bethencourt wrote: > locate is a clear security risk. For familiarity locate command should > be an alias to slocate executable.
My understanding was that locate was perfectly secure providing it was not installed setuid/setgid and that the datebase it looks at was not generated by other user. What do most Linux distributions that ship GNU findutils and slocate do? The slocate case didn't provide an updatedb.conf file because this case was likely to deliver one. glocate would be wrong according to the rules because there is no clashing /usr/bin/locate at this time. -- Darren J Moffat
