Darren J Moffat writes:
> James Carlson wrote:
> > Jim Li writes:
> >> 2> Slocate will check file permissions and ownership before displaying 
> >> matched files so that files they don't have access to will be filtered 
> >> out. Tracker will display all matched files no matter what the 
> >> permissions and ownership are.
> > 
> > I assume that's an attempt at security.  As described, it likely
> > doesn't work with ACLs on Solaris, and should have a warning.  It
> > won't necessarily provide the desired security.
> 
> If by "doesn't work with ACLs" means that it gives out information about 
> files that the user would not normally be able to see because the ACL 
> denies them access

Yes; that's what I'm assuming occurs here.  Otherwise, why bother
checking permissions and ownership or claiming that the "s" means
enhanced security over the usual GNU locate utility?

I suspect this application is in the same boat with _many_ other
indexers.  It's a common problem.

> then that is a security vulnerability and it must not 
> be integrated like that.   The lack of ACL support is an architectural 
> issue, if it fails safe then I think this case can integrate but an RFE 
> should be logged upstream to add ACL support.  If it fails unsafe (as 
> above) then ACL support must be provided for this case to be approved.

I'm on the fence on this one.  The way it "fails safe" is that you
don't install it if you don't want it and/or you do care about ACLs.
As there are some who use ACLs, there must also be some who have no
need for them.  :-/

-- 
James Carlson, Solaris Networking              <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
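
A simplified model of the fail-safe versus fail-unsafe distinction discussed in this message, added here as an illustration and not taken from slocate, Tracker or the thread: it compares a result filter that looks only at mode bits and ownership with a first-match evaluation of an ordered allow/deny ACL. The record layout, ACE syntax, paths and ids are constructed assumptions, and directory search permission is not modelled.

```python
# Added illustration: simplified model, not slocate or Tracker code.
from collections import namedtuple

# Constructed index record. acl is an ordered list of (who, kind) ACEs for
# read access; who is owner@, group@, everyone@, user:<uid> or group:<gid>.
Entry = namedtuple("Entry", "path uid gid mode acl")

def mode_bits_allow_read(e, uid, gids):
    """Classic owner/group/other check; it never looks at the ACL."""
    if uid == e.uid:
        return bool(e.mode & 0o400)
    if e.gid in gids:
        return bool(e.mode & 0o040)
    return bool(e.mode & 0o004)

def acl_allow_read(e, uid, gids):
    """First ACE that matches the caller decides; no match means deny."""
    for who, kind in e.acl:
        if (who == "everyone@"
                or (who == "owner@" and uid == e.uid)
                or (who == "group@" and e.gid in gids)
                or who == f"user:{uid}"
                or (who.startswith("group:") and int(who[6:]) in gids)):
            return kind == "allow"
    return False

def classify(index, uid, gids):
    """Compare the indexer's filter with the ACL decision per record."""
    leaked, hidden = [], []
    for e in index:
        shown = mode_bits_allow_read(e, uid, gids)
        allowed = acl_allow_read(e, uid, gids)
        if shown and not allowed:
            leaked.append(e.path)   # fails unsafe: file name is disclosed
        elif allowed and not shown:
            hidden.append(e.path)   # fails safe: a result is merely missing
    return leaked, hidden

# Constructed sample index; the caller in the test is uid 1001, group 100.
OPEN = [("owner@", "allow"), ("group@", "allow"), ("everyone@", "allow")]
INDEX = [
    Entry("/export/hr/salaries.ods", 0, 100, 0o644,
          [("user:1001", "deny")] + OPEN),
    Entry("/export/proj/plan.txt", 2000, 200, 0o600,
          [("owner@", "allow"), ("user:1001", "allow"), ("everyone@", "deny")]),
    Entry("/export/pub/readme", 0, 0, 0o644, OPEN),
]
```

For uid 1001 the first record is the case that would block integration (mode 0644 but an explicit deny ACE), while the second only costs a missing search hit.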
