findutils for OpenSolaris [LSARC/2008/531 FastTrack timeout 08/26/2008]
Luis de Bethencourt
Luis.Debethencourt at sun.com
Wed Aug 20 05:43:33 PDT 2008
Stephen Hahn wrote:
> * Alan Coopersmith <alan.coopersmith at sun.com> [2008-08-19 15:05]:
>
>> Shi-Ying Irene Huang wrote:
>>
>>> 4.1. Details:
>>> GNU findutils is an opensource package which provides utilities to
>>> find files meeting specified criteria and perform various actions on
>>> the files which are found. This package contains 'find', 'xargs', and
>>> 'locate'.
>>>
>>> GNU find is faster than Solaris find and has more functions, it was a
>>> cleanroom implementation. And even has xargs funcionality built inside,
>>> but xargs is also kept separate for convenience.
>>>
>>> There is another project delivering slocate: LSARC 2008/447
>>> Which is the secure version of locate. So locate won't be delivered
>>> with findutils.
>>>
>> Doesn't that violate the principle of the familiarity projects? Users know
>> about locate, ask us often for a locate command - if there is no command in
>> the path named locate, then we've failed to provide familiarity.
>>
>
> I agree with Alan; dropping locate for slocate isn't necessary. You
> can deliver
>
> /usr/gnu/bin/locate
>
> to keep the expectation around that findutils is the entirety of the
> package. (You could also deliver /usr/bin/glocate, but I don't think
> that's necessary or expected.)
>
> - Stephen
>
>
locate is a clear security risk. For familiarity locate command should
be an alias to slocate executable.
Luis
More information about the opensolaris-arc
mailing list