Comment 4 for bug 7373

Revision history for this message
In , Matt Zimmerman (mdz) wrote : Re: Bug#226103: CAN-2003-0848: heap overflow in slocate

On Mon, Jan 05, 2004 at 01:34:00AM +0100, Petter Reinholdtsen wrote:

> This bug seem to be similar to CVE-2001-0066, reported 2000-12-17 in
> DSA-005-1. <URL: http://www.debian.org/security/2000/20001217a >.
>
> Perhaps there are more problems with the database handling in slocate?

Probably. I think that it is not a good idea for slocate to read and
interpret a user-supplied database while running with setgid privileges.
Since slocate indexes all files on the system, I don't see why this should
be needed either.

--
 - mdz