On 05/03/2015 04:47 PM, jd1008 wrote:
I distrust suid programs.
Skepticism toward SUID root is sometimes merited. Evaluating your own
needs for such programs is reasonable. Distrusting the mechanism itself
is tin-foil-hat-crazy.
I find it strange that a security minded system needs an suid
program to do something as simple as locate a file.
It's not SUID, it's SGID to "slocate". The locate file will only allow
users to locate files they have access to. In order to enforce that
restriction, users have to be prevented from reading the database directly.