[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]

* Frank K?ster (frank@debian.org) wrote:
> Stephen Frost <sfrost@snowman.net> wrote:
> > Have we actually got a specific case of this happening and there being a
> > real security threat from it?
> When I ran a samba server years ago, I changed the default log file names
> and, IIRC, location.

Were they owned by the samba uid?  Were they terribly sensitive?  Did
you ever actually uninstall samba?  Was the samba uid reused?  Was there 
an actual compramise of the files by another daemon?

I'm looking for actual cases of this 'security hole' being exploited, or
even getting to the point where files ended up actually owned by the
wrong uid.



Attachment: signature.asc
Description: Digital signature

Reply to: