updatedb?
Bas Smeelen
b.smeelen at ose.nl
Tue Dec 18 21:49:47 UTC 2012
On 12/18/12 22:32, RW wrote:
> On Tue, 18 Dec 2012 21:01:33 +0000 (UTC)
> Walter Hurry wrote:
>
>> $ sudo /usr/libexec/locate.updatedb
>>>>> WARNING
>>>>> Executing updatedb as root. This WILL reveal all filenames
>>>>> on your machine to all login users, which is a security risk.
>> $
>>
>> Why is it a "security risk"? Security through obscurity? Really? In
>> this day and age?
>>
>> Or am I missing something?
> If permissions have been set to prevent other users reading filenames
> then obviously leaking file names is a security issue.
Yes. But as stated before it defaults to run as user nobody.
Line 26 /etc/periodic/weekly/310.locate
echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3
No issue there.
If someone runs it as root it can be, as everything being run as root, a
security issue.
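
The exposure discussed in this thread can be checked with a small filter, added here as an example that is not part of the original message or of FreeBSD's own scripts: it reads paths (for instance, the output of a locate query) and prints those that sit below a directory "other" users cannot list, i.e. names an unprivileged run would not have indexed. The function names `other_can_list` and `leaked_names` are hypothetical; it assumes the unprivileged user is neither owner nor group member of the directories and ignores ACLs.

```shell
#!/bin/sh
# Added example: report indexed paths whose names are hidden from
# ordinary users by directory permissions.

# other_can_list DIR
# True when DIR grants both read and search to "other", judged from the
# mode string printed by ls (characters 8-10, e.g. "r-x" or "rwt").
other_can_list() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c8-10)
    case "$mode" in
        r?x|r?t) return 0 ;;   # "t" is the sticky bit with execute set
        *)       return 1 ;;   # also reached when DIR no longer exists
    esac
}

# leaked_names [ROOT]
# Reads one absolute path per line on stdin. Walks up from each path's
# parent directory towards ROOT (default /, ROOT itself is not checked)
# and prints the path as soon as one ancestor is not listable by "other".
leaked_names() {
    root=${1:-/}
    while IFS= read -r path; do
        dir=$(dirname -- "$path")
        while [ "$dir" != "$root" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
            if ! other_can_list "$dir"; then
                printf '%s\n' "$path"
                break
            fi
            dir=$(dirname -- "$dir")
        done
    done
}
```

Any path this prints from a world-readable locate database is a filename that directory permissions were meant to hide.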