Bug 252134
Summary: | locate can not open db files in dbpath | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Naveed Hasan <naveed> | ||||
Component: | mlocate | Assignee: | Miloslav Trmač <mitr> | ||||
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 7 | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-08-14 23:21:17 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Naveed Hasan
2007-08-14 05:38:42 UTC
Created attachment 161247 [details]
updatedb cron
Thanks for your report. The behavior you have observed happens because locate(1) gives up GID slocate before handling "untrusted" databases, to make sure unprivileged users cannot exploit possible bugs in locate(1) to gain GID slocate. More precisely, locate(1) gives up GID slocate immediately _after_ opening the first database that is not owned by group slocate, not readable by group slocate, or readable by "other" users. In your case, first.db is not owned by group slocate, so locate(1) gives up GID slocate after opening first.db. Actually, GID slocate is necessary for both first.db and second.db (because /var/lib/mlocate is rwxr-x---), but locate(1) doesn't detect that, so it incorrectly gives up the GID, and it can't open second.db. Ideally, locate(1) should be able to detect that GID slocate is necessary to read first.db and second.db. Unfortunately, it is not possible to detect that without race conditions. As a workaround, you can either 1) (chgrp slocate first.db second.db; chmod o-r first.db second.db), or 2) store first.db and second.db in a world-readable directory, not /var/lib/mlocate. |