Description of problem:
Slocate reveals names of files in directories that are not readable but are searchable by the user calling slocate.

Version-Release number of selected component (if applicable):
Affects: RHEL2.1
Affects: RHEL3

How reproducible:
Always

Steps to Reproduce:
# cd /root
# mkdir dir
# chmod 711 dir
# touch dir/secret-file
# updatedb -U /root/dir
# su - other
$ slocate secret-f

Actual results:
/root/dir/secret-file

Expected results:
Child criminality rate decrease.

Additional info:
Reportedly affects just <=2.6

All RHEL versions use slocate 2.7 (slocate-2.7-1.el2.1, slocate-2.7-3.RHEL3.6) and check_path_access() does correctly check that all directories on the path are readable. BTW, slocate 2.6 seems to use the same - correct - check.