In slackware, it is constantly owned by nobody. However, even if it is only owned for nobody for a certain period of time, it just creates a race condition and is still "a problem." > > This don't say whether the locate database is always owned by nobody or > just temporary. (I am not at a slackware box.) I am just curious, because > some operating systems first create the database as nobody and then > immediately change the ownership (via a weekly cron job for example). > > If it is just temporary, then I assume an exploit must be timed. > > But, if it always owned by nobody, then that is a problem. Nothing should > really be owned by "nobody" -- isn't that the purpose of the unprivileged > user?
