Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Jul 2017 17:26:47 -0500
From: "Patrick J. Volkerding" <security@...ckware.com>
To: oss-security@...ts.openwall.com
Subject: Re: systemd fails to parse user that should run
 service

On 07/05/2017 04:14 PM, Robert Scheck wrote:
> +1 for both, the CVE and that this is a problem. The service should not be
> started with more (!) permissions simply if parsing username fails.

One would think that without any User= line specified, defaulting to
nobody:nogroup would be more sane than defaulting to root. Since the
User= mechanism exists, if you want something to run as root, you should
need to ask for it.



[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ