On Mon, Jan 05, 2004 at 01:34:00AM +0100, Petter Reinholdtsen wrote:
> This bug seem to be similar to CVE-2001-0066, reported 2000-12-17 in
> DSA-005-1. <URL: http://www.debian.org/security/2000/20001217a >.
>
> Perhaps there are more problems with the database handling in slocate?
Probably. I think that it is not a good idea for slocate to read and
interpret a user-supplied database while running with setgid privileges.
Since slocate indexes all files on the system, I don't see why this should
be needed either.
On Mon, Jan 05, 2004 at 01:34:00AM +0100, Petter Reinholdtsen wrote:
> This bug seem to be similar to CVE-2001-0066, reported 2000-12-17 in www.debian. org/security/ 2000/20001217a >.
> DSA-005-1. <URL: http://
>
> Perhaps there are more problems with the database handling in slocate?
Probably. I think that it is not a good idea for slocate to read and
interpret a user-supplied database while running with setgid privileges.
Since slocate indexes all files on the system, I don't see why this should
be needed either.
--
- mdz