MAJOR hole in 5.0

Ian Molton spyro at f2s.com
Thu Sep 25 14:33:48 PDT 2003


On Thu, 25 Sep 2003 21:35:25 +0200
Matthias Benkmann <matthias at winterdrache.de> wrote:

> Could someone please tell me, how a user account called "nobody" with
> no valid shell and no password that doesn't own any files is a major
> security risk and a user account called "miller" with a valid shell
> and password that owns files and has write access to /home/miller is
> not?

The problem was 'nobody' in the current book DOES have a shell.
Admittedly not a massive problem, but many daemons assume nobody to be an
unprivileged user with no files of its own.


-- 
Spyros lair: http://www.mnementh.co.uk/   ||||   Maintainer: arm26 linux

Do not meddle in the affairs of Dragons, for you are tasty and good with
ketchup.
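
An added example, not part of the original message or of the LFS book: a small audit of the two properties discussed above, whether a service account such as 'nobody' has a login shell and whether it owns any files. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample passwd data (not taken from any real system).
write_sample() {
cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Unprivileged User:/dev/null:/bin/bash
daemon:x:6:6:daemon:/dev/null:/bin/false
EOF
}

# Print the shell field (7th) of user $2 in passwd-format file $1.
# Exits non-zero if the user has no entry.
account_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$1"
}

# Return 0 if the shell value allows an interactive login.
# An empty field means the system default (/bin/sh), so it counts as a login shell.
is_login_shell() {
    case "$1" in
        */nologin|*/false) return 1 ;;
        *) return 0 ;;
    esac
}

# Print OK, HAS_SHELL or MISSING for user $2 in passwd file $1.
audit_account() {
    shell=$(account_shell "$1" "$2") || { echo MISSING; return 0; }
    if is_login_shell "$shell"; then echo HAS_SHELL; else echo OK; fi
}

# Count regular files under directory $2 owned by numeric uid $1.
owned_count() {
    find "$2" -xdev -type f -user "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Demo run against the constructed sample.
tmp=$(mktemp) && write_sample "$tmp"
for u in nobody daemon; do
    printf '%s: %s\n' "$u" "$(audit_account "$tmp" "$u")"
done
rm -f "$tmp"
```

On a real system, point `audit_account` at /etc/passwd and run `owned_count` with the account's uid over the filesystems you care about; any result other than OK and 0 for 'nobody' breaks the assumption daemons make about that account.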



More information about the lfs-security mailing list