UPDATE: I just tested this on my old 10.3 Mac... and the same thing happens! How long has this been the case? I could have sworn I've used 'locate' many times in the past and not seen other users' files. Hmm...
(OK, now onto the original post.)
One of the first things I noticed in Mac OS X 10.5 Leopard seems to be a bad change and I can't imagine why Apple made it. 'Locate' has worked fine since 10.0 came out over six years ago. (UPDATE part 2: seems I'm wrong--testing 'locate' on a 10.3 box shows the same insecure behavior--so I guess the only new thing is that they show the warning. This is so, so weird--I swear it didn't use to do that. I thought OS X just silently used 'slocate' like most Linux distros do.) Now that I've updated to 10.5, when I say
sudo /usr/libexec/locate.updatedb
it tells me
>>> WARNING
>>> Executing updatedb as root. This WILL reveal all filenames
>>> on your machine to all login users, which is a security risk.
Sure enough, if I 'su -' to another user, create a file with a unique name, switch back to me, and 'locate' that file, it pops right up. Why?
An example:
omg5:~ brian$ locate abc123
omg5:~ brian$ su - admin
Password:
omg5:~ admin$ touch Desktop/abc123
(Note: I put it in 'Desktop' because that folder has '700' permissions.)
omg5:~ admin$ logout
omg5:~ brian$ sudo /usr/libexec/locate.updatedb
Password:
>>> WARNING
>>> Executing updatedb as root. This WILL reveal all filenames
>>> on your machine to all login users, which is a security risk.
omg5:~ brian$ locate abc123
/Users/admin/abc123
omg5:~ brian$
Note: this does not mean other users can read all these files; it just means that they can see that they exist, which is still a major security no-no.
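
An added example, not part of the original post: a small shell filter that takes 'locate' output and flags every name sitting below a directory that other users cannot list or search, which is exactly the case demonstrated above with the '700' Desktop folder. The function names (private_ancestor, leaked_names, demo) are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Only the "other" permission
# bits are checked; group membership and ACLs are ignored (simplification).

# Print the nearest ancestor directory of path $1 that users outside its
# owner and group cannot both list and search. The walk stops at $2
# (default /). Returns 1 when every ancestor is open.
private_ancestor() {
    dir=$(dirname "$1")
    stop=${2:-/}
    while :; do
        # Mode string looks like drwx------ ; characters 8-10 are "other".
        other=$(ls -ld "$dir" 2>/dev/null | cut -c8-10)
        case "$other" in
            r?x|r?t|"") ;;   # open to others, or not inspectable from here
            *) printf '%s\n' "$dir"; return 0 ;;
        esac
        # Stop at the boundary, at /, or at "." for a relative path.
        case "$dir" in "$stop"|/|.) return 1 ;; esac
        dir=$(dirname "$dir")
    done
}

# Filter for `locate` output on stdin: print "path<TAB>private ancestor"
# for each name that an index built as root has exposed.
leaked_names() {
    while IFS= read -r p; do
        if anc=$(private_ancestor "$p" "${1:-/}"); then
            printf '%s\t%s\n' "$p" "$anc"
        fi
    done
}

# Constructed sample mirroring the post: abc123 inside a 700 Desktop,
# plus a same-named file in an open directory for contrast.
demo() {
    root=$(mktemp -d) && chmod 755 "$root"
    mkdir -p "$root/admin/Desktop" "$root/shared"
    chmod 755 "$root/admin" "$root/shared"
    chmod 700 "$root/admin/Desktop"
    touch "$root/admin/Desktop/abc123" "$root/shared/abc123"
    printf '%s\n' "$root/admin/Desktop/abc123" "$root/shared/abc123" |
        leaked_names "$root"
    rm -rf "$root"
}
```

Run as an ordinary user with 'locate abc123 | leaked_names'; any line printed is a name the shared index disclosed from a directory that user could not have listed.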