oss-sec mailing list archives
Re: chroots & uid sharing
From: Seth Arnold <seth.arnold () canonical com>
Date: Thu, 6 Jun 2013 11:17:03 -0700
On Thu, Jun 06, 2013 at 03:02:37PM +0200, Jason A. Donenfeld wrote:
What I wonder is how many distros are shipping various daemons that run under the nobody user, with certain ones chrooting and others not. How should we handle this?
We can handle nobody well enough by correcting its mis-use every time we spot it. There are enough purpose-specific users on a typical system these days to just give the impression that any new service should get its own corresponding user, so the temptation to use 'nobody' is lower than it used to be. Of course, if a different user account gets abused for both chrooted and non-chrooted use, that's harder to combat, short of reminding people that chroot is filesystem and _only_ filesystem..
Attachment:
signature.asc
Description: Digital signature
Current thread:
- chroots & uid sharing Jason A. Donenfeld (Jun 06)
- Re: chroots & uid sharing Jason A. Donenfeld (Jun 06)
- Re: chroots & uid sharing Seth Arnold (Jun 06)
- Re: chroots & uid sharing Kurt Seifried (Jun 06)
- Re: chroots & uid sharing Tom Maher (Jun 07)
- Re: chroots & uid sharing Kurt Seifried (Jun 06)