Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]

To: Frank Küster <frank@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]
From: Stephen Frost <sfrost@snowman.net>
Date: Thu, 27 Oct 2005 09:36:04 -0400
Message-id: <[🔎] 20051027133604.GG6026@ns.snowman.net>
Mail-followup-to: Frank Küster <frank@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 87acgv8isr.fsf@alhambra.kuesterei.ch>
References: <[🔎] 20051025202118.GA10290@javifsp.no-ip.org> <[🔎] E1EUecU-0004QS-NV@scyw00225.scy001.de> <[🔎] 20051026091100.GA3940@javifsp.no-ip.org> <[🔎] 20051026115319.GE15626@boogie.lpds.sztaki.hu> <[🔎] 20051026135036.GB26323@javifsp.no-ip.org> <[🔎] 87irvkti6r.fsf@alhambra.kuesterei.ch> <[🔎] 20051026154548.GA30978@javifsp.no-ip.org> <[🔎] 20051026184857.GC3379@rzlab.ucr.edu> <[🔎] 20051026191236.GC6026@ns.snowman.net> <[🔎] 87acgv8isr.fsf@alhambra.kuesterei.ch>

* Frank K?ster (frank@debian.org) wrote:
> Stephen Frost <sfrost@snowman.net> wrote:
> > Have we actually got a specific case of this happening and there being a
> > real security threat from it?
> 
> When I ran a samba server years ago, I changed the default log file names
> and, IIRC, location.

Were they owned by the samba uid?  Were they terribly sensitive?  Did
you ever actually uninstall samba?  Was the samba uid reused?  Was there 
an actual compramise of the files by another daemon?

I'm looking for actual cases of this 'security hole' being exploited, or
even getting to the point where files ended up actually owned by the
wrong uid.

	Thanks,

		Stephen

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]
  - From: Frank Küster <frank@debian.org>

References:
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Frank Küster <frank@debian.org>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Removing system users on purge [Re: Bits from the release team: the plans for etch]
  - From: Don Armstrong <don@debian.org>
- Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]
  - From: Stephen Frost <sfrost@snowman.net>
- Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]
  - From: Frank Küster <frank@debian.org>

Prev by Date: Re: License for PEAR packages
Next by Date: Re: A thought about killing two bird with one stone
Previous by thread: Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]
Next by thread: Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]
Index(es):
- Date
- Thread