Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]

Stephen Frost <sfrost@snowman.net> wrote:

> * Frank Küster (frank@debian.org) wrote:
>> Stephen Frost <sfrost@snowman.net> wrote:
>> > Have we actually got a specific case of this happening and there being a
>> > real security threat from it?
>> When I ran a samba server years ago, I changed the default log file names
>> and, IIRC, location.
> Were they owned by the samba uid?

I don't know for sure, but I think yes.

> Were they terribly sensitive?

In some cases knowledge of filenames that one user uses would have been
very interesting for some other users.

> Did
> you ever actually uninstall samba?  Was the samba uid reused?

Since I left that server to somebody else, I can only speculate:
Probably no, but I cannot exclude it (e.g. if there ever was a samba-ng
package or something like that, they might have tried it instead).

> Was there
> an actual compromise of the files by another daemon?

I assume that in this case I'd know.  

> I'm looking for actual cases of this 'security hole' being exploited, 

Sorry, I can't help you.

Regards, Frank
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer

