updatedb?

Polytropon freebsd at edvax.de
Tue Dec 18 21:13:10 UTC 2012


On Tue, 18 Dec 2012 21:01:33 +0000 (UTC), Walter Hurry wrote:
> $ sudo /usr/libexec/locate.updatedb
> >>> WARNING
> >>> Executing updatedb as root.  This WILL reveal all filenames
> >>> on your machine to all login users, which is a security risk.
> $
> 
> Why is it a "security risk"? Security through obscurity? Really? In this 
> day and age?
> 
> Or am I missing something?

Depends. In case you're using your system primarily as a 
single-user installation - no problem. If there are users
who don't have trust in others (and this is _correct_),
any call of "locate <something>" could reveal data stored
on different user accounts, even if they cannot be accessed
due to o-x for the individual home directories. Sometimes
file names can already tell a lot.

The locate.updatedb is usually run from the "nobody" user
account when invoked automatically. This means that the
directory restrictions can apply (e. g. user home directories
cannot be searched when they have o-x attribute).





-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


More information about the freebsd-questions mailing list