Release plocate 1.1.22.

[plocate] / plocate.cpp

diff --git a/plocate.cpp b/plocate.cpp
index 28a9c28bfe52065b8425fffdb4ffef661b501865..519024e07c5b31d04f96db1cc085e8313bb4c39b 100644 (file)
--- a/plocate.cpp
+++ b/plocate.cpp
@@ -55,6 +55,7 @@ bool patterns_are_regex = false;
 bool use_extended_regex = false;
 bool match_basename = false;
 bool check_existence = false;
+bool ignore_visibility = false;
 int64_t limit_matches = numeric_limits<int64_t>::max();
 int64_t limit_left = numeric_limits<int64_t>::max();
 bool stdout_is_tty = false;
@@ -114,6 +115,9 @@ Corpus::Corpus(int fd, const char *filename_for_errors, IOUringEngine *engine)
                // This too. (We ignore the other max_version 2 fields.)
                hdr.check_visibility = true;
        }
+       if (ignore_visibility) {
+               hdr.check_visibility = false;
+       }
 }
 
 Corpus::~Corpus()
@@ -571,7 +575,7 @@ uint64_t do_search_file(const vector<Needle> &needles, const std::string &filena
                                                        if (only_count) {
                                                                printf("0\n");
                                                        }
-                                                       exit(0);
+                                                       exit(1);
                                                }
                                        }
                                }
@@ -834,6 +838,7 @@ int main(int argc, char **argv)
 
        constexpr int EXTENDED_REGEX = 1000;
        constexpr int FLUSH_CACHE = 1001;
+       constexpr int IGNORE_VISIBILITY = 1002;
        static const struct option long_options[] = {
                { "help", no_argument, 0, 'h' },
                { "count", no_argument, 0, 'c' },
@@ -852,6 +857,9 @@ int main(int argc, char **argv)
                { "debug", no_argument, 0, 'D' },  // Not documented.
                // Enable to test cold-cache behavior (except for access()). Not documented.
                { "flush-cache", no_argument, 0, FLUSH_CACHE },
+               // Mostly useful to dump out the entire database, even if the given directories
+               // are gone. Disables sgid due to security. Not documented.
+               { "ignore-visibility", no_argument, 0, IGNORE_VISIBILITY },
                { 0, 0, 0, 0 }
        };
 
@@ -917,17 +925,22 @@ int main(int argc, char **argv)
                case 'V':
                        version();
                        break;
+               case IGNORE_VISIBILITY:
+                       ignore_visibility = true;
+                       break;
                default:
                        exit(1);
                }
        }
 
-       if (use_debug || flush_cache) {
+       if (use_debug || flush_cache || ignore_visibility) {
                // Debug information would leak information about which files exist,
                // so drop setgid before we open the file; one would either need to run
                // as root, or use a locally-built file. Doing the same thing for
                // flush_cache is mostly paranoia, in an attempt to prevent random users
                // from making plocate slow for everyone else.
+               // --ignore-visibility is obvious; if we allowed to keep sgid with
+               // that flag on, it would subvert the entire security model.
                if (setgid(getgid()) != 0) {
                        perror("setgid");
                        exit(EXIT_FAILURE);
@@ -972,7 +985,7 @@ int main(int argc, char **argv)
        }
        if (needles.empty()) {
                fprintf(stderr, "plocate: no pattern to search for specified\n");
-               exit(0);
+               exit(1);
        }
 
        if (dbpaths.empty()) {
@@ -1000,4 +1013,6 @@ int main(int argc, char **argv)
        if (only_count) {
                printf("%" PRId64 "\n", matched);
        }
+
+       return matched == 0;
 }