Re: user for getting files

To: debian-mentors@lists.debian.org
Subject: Re: user for getting files
From: "John H. Robinson, IV" <jhriv@ucsd.edu>
Date: Fri, 22 Nov 2002 14:06:02 -0800
Message-id: <[🔎] 20021122220602.GD29645@ucsd.edu>
Mail-followup-to: debian-mentors@lists.debian.org
In-reply-to: <[🔎] 20021122193651.GN27750@jdj5.mit.edu>
References: <[🔎] 20021122190427.GA24842@blars.org> <[🔎] 20021122193651.GN27750@jdj5.mit.edu>

David Roundy wrote:
> On Fri, Nov 22, 2002 at 11:04:27AM -0800, Blars Blarson wrote:
> > 
> > but is it realy appropriate for a package to create a new user for a
> > weekly download?

depending upon what other processes will be using the data, and those
that will be starting them, the answer varies from ``maybe'' to ``yes!''

> I'm far from an expert, but I would have thought that 'nobody' would be
> appropriate for this.

_no_.

you never want a file owned by nobody. services that do not need any
elevated privedges should run as nobody, so if they are compromised,
then can do nothing. if you download a file as nobody, then a
compromised nobudy-running daemon can then trojan that file. bad.

> As long as you don't trust the content of those files, this seems safe
> to me.

there are other reasons to not trust the file, other than the ownership
(dns cache poisoning, dns takeover, trojans on the server), so we can
accept this as a truism.

-john

Reply to:

Follow-Ups:
- Re: user for getting files
  - From: Russell Coker <russell@coker.com.au>

References:
- user for getting files
  - From: Blars Blarson <blarson@blars.org>
- Re: user for getting files
  - From: David Roundy <droundy@abridgegame.org>

Prev by Date: Re: the developer in me
Next by Date: Re: j2sdk build-depends cannot be satisfied?
Previous by thread: Re: user for getting files
Next by thread: Re: user for getting files
Index(es):
- Date
- Thread