MAJOR hole in 5.0

Matthias Benkmann matthias at winterdrache.de
Thu Sep 25 12:35:25 PDT 2003


On Thu, 25 Sep 2003 19:47:20 +0100 Chris Lingard <chris at stockwith.co.uk>
wrote:

> Remove user nobody, as this will now be a security risk, when
> you put your new LFS systm on the internet. 

Yes, and make sure to tell them that they should only ever use the root
account because all normal user accounts are a security risk when you put
your system on the Internet.
Could someone please tell me, how a user account called "nobody" with no
valid shell and no password that doesn't own any files is a major security
risk and a user account called "miller" with a valid shell and password
that owns files and has write access to /home/miller is not?

MSB

-- 
Black holes are where God divided by zero.




More information about the lfs-security mailing list