Bugtraq mailing list archives

Re: in.fingerd follows sym-links on Solaris 8


From: Darren Moffat <Darren.Moffat () eng sun com>
Date: Fri, 25 May 2001 12:54:33 -0700 (PDT)

Ok, the example wasn't good.
It was a long day for me, thus, please forgive me that slip-up.

This is certainly a much better example, but:

For example, many httpd servers work with the same privileges,
which means that you can read any CGI temporary file, and other
files readable only by CGI scripts.

httpd servers shouldn't be running as user nobody; they should be
running as user www or something similar.

I am thinking about a case where a CGI script saves some important
information in a temporary file, like PHP does with sessions:

 -rw------- 1 nobody nobody    329 May 14 12:16  /tmp/sess_0cd156a633

The bug is in one of PHP/CGI/httpd NOT in in.fingerd.

nobody has a very special meaning, it is the user id that root gets mapped
to over NFS.  It was created for that reason and that reason alone, it
is NOT a general purpose account to run daemons or cgi or anything else
under.  If applications need to run as a user other than root then they
should have a user for that application, e.g. the Oracle DB server runs as
the user oracle.

in.fingerd is a special case and it is running as nobody explicitly because
there should be no sensitive files that are owned by the nobody user.  If
you have a system where there are local files that are owned by nobody
then you have a configuration error or a bug in another application but it
isn't in.fingerd's problem.

--
Darren J Moffat
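The configuration check Darren describes (a system should have no local files owned by nobody, because any daemon running as nobody can read them) can be automated. The following audit script is an added example and is not part of the thread or of any Solaris tool; it assumes a Unix host with a `nobody` account and uses `os.lstat` so that symbolic links are inspected as links rather than followed, which is the distinction at the heart of the in.fingerd report.

```python
import os
import pwd
import stat
from typing import List, Tuple


def find_files_owned_by(root: str, username: str = "nobody") -> List[Tuple[str, int]]:
    """Return (path, permission bits) for every regular file under root owned by username.

    os.lstat is used deliberately: a symlink is examined as a symlink and never
    followed, so a link owned by the audited user that points at a root-owned
    file is not reported, and a file owned by the audited user is reported only
    at its real location.
    """
    uid = pwd.getpwnam(username).pw_uid
    findings: List[Tuple[str, int]] = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; keep auditing
            # S_ISREG on an lstat result is False for symlinks, sockets, fifos
            if st.st_uid == uid and stat.S_ISREG(st.st_mode):
                findings.append((path, stat.S_IMODE(st.st_mode)))
    return findings


def owner_only_readable(findings: List[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Keep only files with no group or world read bit.

    These are the files that the owning user can read but nobody else can,
    i.e. exactly the data (such as a 0600 PHP session file) that a daemon
    running under that same uid would expose.
    """
    return [(p, m) for p, m in findings if not (m & (stat.S_IRGRP | stat.S_IROTH))]


if __name__ == "__main__":
    # Audit /tmp, the directory from the thread's session-file example
    try:
        hits = find_files_owned_by("/tmp", "nobody")
    except KeyError:
        raise SystemExit("no 'nobody' account on this host")
    for path, mode in owner_only_readable(hits):
        print(f"{oct(mode)} {path}  <- readable by any daemon running as nobody")
    if not hits:
        print("no regular files owned by nobody under /tmp")
```

Run it as root to cover directories the audit user cannot enter. Any line it prints points at the application that created the file (PHP, a CGI script, the httpd itself), which is where the fix belongs; giving that application its own dedicated uid removes the overlap with nobody.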

