From saska@fysgr386.sn.umu.se  Tue Oct  6 15:46:01 1998
Received: from fysgr386.sn.umu.se (fysgr386.sn.umu.se [130.239.128.238])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA19379
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 6 Oct 1998 15:45:48 -0700 (PDT)
          (envelope-from saska@fysgr386.sn.umu.se)
Received: (from saska@localhost)
	by fysgr386.sn.umu.se (8.8.8/8.8.8) id AAA08527;
	Wed, 7 Oct 1998 00:49:46 +0200 (CEST)
	(envelope-from saska)
Message-Id: <199810062249.AAA08527@fysgr386.sn.umu.se>
Date: Wed, 7 Oct 1998 00:49:46 +0200 (CEST)
From: saska@acc.umu.se
Reply-To: saska@acc.umu.se
To: FreeBSD-gnats-submit@freebsd.org
Subject: Any user can view other users "chmod 700" home dirs with locate.
X-Send-Pr-Version: 3.2

>Number:         8177
>Category:       misc
>Synopsis:       Any user can view other users "chmod 700" home dirs with locate.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct  6 15:50:00 PDT 1998
>Closed-Date:    Fri Oct 16 13:03:57 PDT 1998
>Last-Modified:  Fri Oct 16 13:06:55 PDT 1998
>Originator:     
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
>Environment:

FreeBSD 2.2.7-STABLE

>Description:

Doing a "locate [user]" reveals the contents of the users home directory even if the person has 'protected' the contents by doing a "chmod 700" on their home directory. Of course, this can be done by *any* user on the system without special privilegies which of course not is desirable.

>How-To-Repeat:

Described above.

>Fix:
	
I believe this should not be considered a "bug".. Rather an unwanted feature.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: steve 
Responsible-Changed-When: Fri Oct 9 21:57:11 PDT 1998 
Responsible-Changed-Why:  
Misfiled PR. 
State-Changed-From-To: open->closed 
State-Changed-By: dt 
State-Changed-When: Fri Oct 16 13:03:57 PDT 1998 
State-Changed-Why:  
No. Locate database created by user 'nobody', so it would not work. 
>Unformatted:
no
