Sorry... I just couldn't help responding to the z/OS part... On z/OS you can limit the access to the catalog and by that deny users from listing the files in that catalog. I think that most places don't do that but z/OS has this ability build in...
Offer Baruch On Sep 30, 2013 6:01 PM, "John McKown" <[email protected]> wrote: > I am looking a "porting" the Linux updatedb/locate program in the mlocate > rpm to run on another UNIX system (z/OS to be exact). I don't understand > why the mlocate.db is not world readable. Instead, the locate program is > marked setgid. The only reason I have come up with is that the updatedb > program loads the names of all the local (and perhaps NFS) file names into > the mlocated.db file. And some of those may be in directories which are > unreadable by some users. > > I am not really going to port the actual code, because I am pretty sure > that I'm going to put the data into a sqlite3 data base so that others can > write code to "do things" with it. > > This is where I don't understand. How can simply knowing if a file exists > or not be a security concern? I admit to being ignorant of this because a > user in z/OS can generally get a listing of the names of all the data sets > (files) which exist on a z/OS system even if they cannot read them. Yeah, > I've got some of those and one consultant was "uppity" about "why can't I > read that? Justify it to me!!!" Who which I replied (quoting W.C. Fields): > "Go away, boy, you bother me!" > > -- > I have _not_ lost my mind! It is backed up on a flash drive somewhere. > > Maranatha! <>< > John McKown > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
