MAJOR hole in 5.0
Rohde.Henning at gmx.net
Fri Sep 26 12:43:42 PDT 2003
On Friday, 26 September 2003 21:07, Dagmar d'Surreal wrote:
> On Fri, 2003-09-26 at 09:36, Daniel Roethlisberger wrote:
> > Some people suggested that the user 'nobody' does not need to be there.
> > I believe that is not true for some/most systems. The user 'nobody' is
> > traditionally a non-privileged user which owns no files (running
> > Apache as 'nobody' is abuse of the rationale behind it, and thus
> > considered harmful). Some daemons default to using 'nobody' when
> > dropping privileges in order to do unprivileged work.
> Name some. Everything recent and sane does not, and even old code tends
> to be configurable. Most folks figured out that having more than one
> thing using the nobody role account was a bad idea in the early 90's.
Does anyone still use NFS?
Is there anyone who remembers the mysterious user "nfs-nobody"???
"nobody" is commonly the user that gets assigned to files root (=uid0)
writes on some NFS mount that has been exported without the option
This is IMHO at least one valid reason for this user to exist in any
default installation, even for some firewall, where nfs should never be
Another could be OpenSSH; I think I remember it needing this user for
PrivilegeSeparation, but I could be wrong.
Just my 2 cents of EUR,