Path: utzoo!attcan!uunet!lll-winken!ncis.llnl.gov!helios.ee.lbl.gov!pasteur!ucbvax!agate!bionet!csd4.milw.wisc.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: leres@helios.ee.lbl.gov (Craig Leres)
Newsgroups: comp.sys.sun
Subject: Re: Tightening security on SunOS 4.0 'fastfind'
Message-ID: <8901170222.AA02291@helios.ee.lbl.gov>
Date: 20 Jan 89 21:06:46 GMT
Sender: usenet@rice.edu
Organization: Nomura Securities
Lines: 19
Approved: Sun-Spots@rice.edu
Original-Date: Mon, 16 Jan 89 18:22:26 PST
X-Sun-Spots-Digest: Volume 7, Issue 114, message 5 of 18

Rene' Seindal writes:
> The following patch to find will only allow users to see the files to
> which they have search permission.  Of course the database is still there,
[...]
> ! 						if (stat(path, &statb) == 0)
> ! 							puts ( path );

Gee whiz, shouldn't you use access() instead of stat()? I mean, if you're
going to implement a suboptimal algorithm, the least you can do is code it
efficiently.

Meanwhile, some people may want to simply run updatedb as an innocuous
user:

    su guest -c /usr/lib/find/updatedb

This works pretty well for me.

		Craig