Bug 170201

Summary: slocate allows listing directories that can not be viewed with ls -l
Product: [Fedora] Fedora
Component: slocate
Version: rawhide
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Hardware: All
OS: Linux
Reporter: Russell Coker <rcoker>
Assignee: Miloslav Trmač <mitr>
QA Contact: Brock Organ <borgan>
CC: dwmw2, sgrubb
Fixed In Version: 2.7-28
Doc Type: Bug Fix
Last Closed: 2005-10-10 21:23:31 UTC
Attachments: patch to fix this bug (flags: none)

Description Russell Coker 2005-10-08 22:56:51 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.91 (like Gecko)

Description of problem:

    if (UID == 0 || check_path_access(strdup(codedpath)))

slocate currently has the above code. This means that if it is run as root it will be able to display information on all files unconditionally. On a non-SE system this is OK as root will have ultimate access. On a SE Linux with targeted policy it's not a problem as the daemons can't run slocate and user sessions are unconfined (so a user session as root can do everything).

On a SE Linux machine running the strict policy this is not desirable as an unprivileged root user can list all the files on the system. We don't recommend that you have unprivileged root users so in the past this bug has really only affected me.

Now that we are working on MLS support for LSPP certification this has become a serious issue. We don't want a copy of slocate running at "secret" clearance to be able to see the names of files in a "top secret" classified directory.

Version-Release number of selected component (if applicable):

How reproducible: Always

Steps to Reproduce:
Run locate as an unprivileged root user.

Additional info:

Comment 1 Russell Coker 2005-10-08 22:59:11 UTC
Created attachment 119737
patch to fix this bug

Comment 2 Miloslav Trmač 2005-10-10 21:23:31 UTC
Fixed in slocate-2.7-28.  Thanks!