Debian Bug report logs - #40724
findutils: updatedb should run sort etc as non-root

version graph

Package: findutils; Maintainer for findutils is Andreas Metzler <ametzler@debian.org>; Source for findutils is src:findutils (PTS, buildd, popcon).

Reported by: tv@debian.org

Date: Sun, 4 Jul 1999 12:18:09 UTC

Severity: wishlist

Found in version 4.1-34

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Kevin Dalley <kevind@rahul.net>:
Bug#40724; Package findutils. (full text, mbox, link).

Acknowledgement sent to tv@debian.org:
New bug report received and forwarded. Copy sent to Kevin Dalley <kevind@rahul.net>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: tv@debian.org
To: submit@bugs.debian.org
Subject: findutils: updatedb should run sort etc as non-root
Date: 4 Jul 1999 12:07:45 -0000
Package: findutils
Version: 4.1-34
Severity: wishlist

[0 tv@hq ~]$ grep --before-context=20 '} | sort -f' /usr/bin/updatedb
  if [ "$LOCALUSER" != "" ]; then
    su $LOCALUSER -c \
    "$find $SEARCHPATHS \
     \\( $prunefs_exp \
     -type d -regex '$PRUNEREGEX' \\) -prune -o -print"
  else
    $find $SEARCHPATHS \
     \( $prunefs_exp \
     -type d -regex "$PRUNEREGEX" \) -prune -o -print
  fi
fi
if test -n "$NETPATHS"; then
  if [ "`whoami`" = root ]; then
    su $NETUSER -c \
     "$find $NETPATHS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o -print"
  else
    $find $NETPATHS \( -type d -regex "$PRUNEREGEX" -prune \) -o -print
  fi
fi
} | sort -f | $frcode > $LOCATE_DB.n
[0 tv@hq ~]$ 

        updatedb should avoid running as root; sort has historically
        had /tmp races, and other danger lurk there too. 
        There is no reason not to su to $LOCALUSER for sort and friends
        also, in addition to just find.

-- System Information
Debian Release: potato
Kernel Version: Linux hq 2.2.9 #1 Thu May 20 07:43:14 EEST 1999 i686 unknown

Versions of the packages findutils depends on:
ii  libc6           2.1.1-10       GNU C Library: Shared libraries and timezone

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Dec 23 16:22:26 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.