Your message dated Tue, 17 Aug 2021 17:05:16 +0200
with message-id <[email protected]>
and subject line Closing mlocate bugs
has caused the Debian Bug report #926290,
regarding mlocate: Is confused about DB permissions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
926290: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926290
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mlocate
Version: 0.26-2

The authors of mlocate need to figure out what their security model is
since the documentation and behavior seem to be confused about what the
actual model is.

Of crucial note, is the "mlocate" group supposed to be the controlling
factor for access to these DB files?  After some experimentation I found
`mlocate` will NOT provide results from a database file other than
/var/lib/mlocate/mlocate.db which is only readable by the "mlocate"
group.

This seems to contradict mlocate's `updatedb` program which WILL NOT
create a database file owned by a group other than "mlocate" without a
special option (-l no).  If the group is supposed to be the controlling
factor, then `mlocate` should provide results from extra database files
readable by group "mlocate".

True, examining DB files specified by --database or $LOCATE_PATH which
are readable by "mlocate" but not by the user is hazardous.  Yet if the
group is properly controlled the hazard is small.


-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \BS (    |         [email protected]  PGP 87145445         |    )   /
  \_CS\   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445

--- End Message ---
--- Begin Message ---
Hi,

As of bookworm, mlocate no longer exists in Debian and is replaced by plocate.
There's still an “mlocate” package, but it is only a transitional package
to install plocate (and convert over the old database).

Thus, I'm closing a series of bugs related to mlocate that I believe are
either:

 1. Already fixed in plocate, or
 2. Related to implementation bugs in mlocate that are highly unlikely
    to reappear in plocate (which only shares configuration parsing code,
    no other internals).

If you believe this is in error and the bug is relevant for plocate,
please reopen it with a message as to why that is the case (and reassign it
to plocate). Thanks!

/* Steinar */
-- 
Homepage: http://www.sesse.net/

--- End Message ---
