MAJOR hole in 5.0
spyro at f2s.com
Thu Sep 25 14:33:48 PDT 2003
On Thu, 25 Sep 2003 21:35:25 +0200
Matthias Benkmann <matthias at winterdrache.de> wrote:
> Could someone please tell me, how a user account called "nobody" with
> no valid shell and no password that doesn't own any files is a major
> security risk and a user account called "miller" with a valid shell
> and password that owns files and has write access to /home/miller is
the problem was 'nobody' in the current book DOES have a shell.
admittedly not a massive problem but many daemons assume nobody to be an
unprivelidged user with no files of its own.
Spyros lair: http://www.mnementh.co.uk/ |||| Maintainer: arm26 linux
Do not meddle in the affairs of Dragons, for you are tasty and good with
More information about the lfs-security