Date: Thu, 6 Jun 2013 11:17:03 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: chroots & uid sharing

On Thu, Jun 06, 2013 at 03:02:37PM +0200, Jason A. Donenfeld wrote:
> What I wonder is how many distros are shipping various daemons that
> run under the nobody user, with certain ones chrooting and others not.
> How should we handle this?

We can handle nobody well enough by correcting its mis-use every time
we spot it. There are enough purpose-specific users on a typical system
these days to just give the impression that any new service should get
its own corresponding user, so the temptation to use 'nobody' is lower
than it used to be.

Of course, if a different user account gets abused for both chrooted and
non-chrooted use, that's harder to combat, short of reminding people
that chroot is filesystem and _only_ filesystem.
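
An audit for the situation discussed above, as an added example that is not part of the original message: it groups processes by effective uid and reports any non-root uid that has processes both at the real root and inside a chroot. The function names and sample records are constructed for illustration; reading /proc/<pid>/root for other users' processes requires root, and a process in a separate mount namespace can also report "/".

```python
import os
from collections import defaultdict

def read_proc(proc="/proc"):
    """Yield (pid, euid, root, name) for every process we may inspect (Linux)."""
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        base = os.path.join(proc, entry)
        try:
            root = os.readlink(os.path.join(base, "root"))  # the process's root dir
            with open(os.path.join(base, "status")) as fh:
                fields = dict(l.split(":\t", 1) for l in fh if ":\t" in l)
            euid = int(fields["Uid"].split()[1])  # real, effective, saved, fs
            name = fields["Name"].strip()
        except (OSError, KeyError, ValueError):
            continue  # process exited, or we lack permission
        yield int(entry), euid, root, name

def shared_uids(procs):
    """Return {uid: {root: [name[pid], ...]}} for uids used in and out of a chroot."""
    by_uid = defaultdict(lambda: defaultdict(list))
    for pid, uid, root, name in procs:
        by_uid[uid][root].append(f"{name}[{pid}]")
    # uid 0 is skipped: root is not contained by chroot in the first place.
    return {uid: {r: sorted(p) for r, p in roots.items()}
            for uid, roots in by_uid.items()
            if uid != 0 and "/" in roots and len(roots) > 1}

# Constructed sample records: (pid, euid, root, name). Not from a real system.
SAMPLE = [
    (812, 65534, "/", "httpd-demo"),              # 'nobody', not chrooted
    (901, 65534, "/var/empty/dns-demo", "dns-demo"),  # 'nobody', chrooted
    (950, 113, "/var/lib/ntp-demo", "ntp-demo"),  # own uid, chrooted only
    (1001, 1000, "/", "bash"),                    # ordinary user
]

if __name__ == "__main__":
    for uid, roots in shared_uids(read_proc()).items():
        print(f"uid {uid} is used both inside and outside a chroot:")
        for root, names in sorted(roots.items()):
            print(f"  root={root}: {', '.join(names)}")
```
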

