James Carlson wrote: > I'm on the fence on this one. The way it "fails safe" is that you > don't install it if you don't want it and/or you do care about ACLs.
I don't think that is fair. It is the sysadmin that does the install but the end user's privacy that is leaked to other end users if their filenames are revealed by slocate. I need an explict answer on slocate: If there is an ACL that would deny a user decending down a particular directory path (and thus not being able to see further filenames) will that be honoured by slocate ? If the answer is no then it seems to me that slocate is no safer than locate. There is also the issue of when slocate checks the permissions because they could change between the time of indexing and the time of look up - that I'm less concerned about. -- Darren J Moffat
