MAJOR hole in 5.0

Daniel Roethlisberger daniel at roe.ch
Fri Sep 26 07:36:57 PDT 2003


Some people suggested that the user 'nobody' does not need to be there.
I believe that is not true for some/most systems. The user 'nobody' is
traditionally a non-priviledged user which owns no files (running Apache
as 'nobody' is abuse of the rationale behind it, and thus considered
harmful). Some daemons default to using 'nobody' when dropping
priviledges in order to do unpriviledged work. Of course it's possible
to force such programs to use another user than 'nobody' (runtime
options, ./configure options, or even patching the source), but I
strongly believe it is still a good idea to have the user 'nobody'
around, just in case you missed one. It certainly needs no shell, no
password and no home directory, but it should be kept around. It does
not reduce the security at all, as all you can do is setuid() to it from
root, which you can do to any numerical UID anyway. As long as you have
no files owned by 'nobody', there's no risk involved.

On an afterthought, removing the user 'nobody' could in theory even
reduce security, as some (admittedly badly designed) programs might not
drop priviledges if no user 'nobody' is around. But this is getting
increasingly off topic now...

Cheers,
Dan


-- 
    Daniel Roethlisberger <daniel at roe.ch>
    OpenPGP key id 0x804A06B1 (1024/4096 DSA/ElGamal)
    144D 6A5E 0C88 E5D7 0775 FCFD 3974 0E98 804A 06B1
!->
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-security/attachments/20030926/99d53b08/attachment.sig>


More information about the lfs-security mailing list