Date: Tue, 18 Dec 2012 22:13:10 +0100
From: Polytropon
To: Walter Hurry
Cc: freebsd-questions@freebsd.org
Subject: Re: updatedb?
Message-Id: <20121218221310.cbcb9add.freebsd@edvax.de>

On Tue, 18 Dec 2012 21:01:33 +0000 (UTC), Walter Hurry wrote:
> $ sudo /usr/libexec/locate.updatedb
> >>> WARNING
> >>> Executing updatedb as root. This WILL reveal all filenames
> >>> on your machine to all login users, which is a security risk.
> $
>
> Why is it a "security risk"? Security through obscurity? Really? In this
> day and age?
>
> Or am I missing something?

Depends. In case you're using your system primarily as a
single-user installation - no problem.

If there are users who don't have trust in others (and this
is _correct_), any call of "locate " could reveal data stored
on different user accounts, even if they cannot be accessed
due to o-x for the individual home directories. Sometimes
file names can already tell a lot.

The locate.updatedb is usually run from the "nobody" user
account when invoked automatically. This means that the
directory restrictions can apply (e.g. user home directories
cannot be searched when they have o-x attribute).

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
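
An added example, not part of the original message: a POSIX sh audit for the administrator that reads path names (such as locate output) and prints those lying beneath a directory without the o+x bit, which a database built as "nobody" could not contain. The function names and the constructed demo tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag indexed names that sit behind a directory closed to "others".

# True if directory $1 grants search (x) permission to others.
others_can_search() {
    [ -d "$1" ] || return 0          # stale entry, nothing to judge
    [ -n "$(find "$1" -prune -perm -0001 -print)" ]
}

# True if any directory from the parent of $1 up to (not including) base $2 is o-x.
behind_closed_dir() {
    dir=$(dirname "$1")
    while [ "$dir" != "$2" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        others_can_search "$dir" || return 0
        dir=$(dirname "$dir")
    done
    return 1
}

# Reads path names on stdin (for instance locate output); prints the exposed ones.
leaked_names() {
    while IFS= read -r path; do
        if behind_closed_dir "$path" "$1"; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed demo tree: alice's home is o-x, bob's is world-searchable.
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/alice/taxes" "$base/bob"
    : > "$base/alice/taxes/audit-letter.txt"
    : > "$base/bob/notes.txt"
    chmod 750 "$base/alice"
    chmod 755 "$base/alice/taxes" "$base/bob"
    # find run by the owner stands in for a database built with full access
    find "$base" -type f | leaked_names "$base" | sed "s|^$base/||"
    rm -rf "$base"
}

demo   # prints: alice/taxes/audit-letter.txt
```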