Security issue? Daemon users has to much rights...

To: debian-security@lists.debian.org
Subject: Security issue? Daemon users has to much rights...
From: Jan Lühr <jluehr@gmx.net>
Date: Fri, 22 Oct 2004 12:38:32 +0200
Message-id: <[🔎] 200410221238.32860.jluehr@gmx.net>

Greetings,

because of the recent xpdf issues I tested the access restrictions of some 
users like lp, mail, etc. with default settings in sarge. I noticed that, by 
default, no acl were used to prevent access to vital system commands, the 
user shouldn't have. For instance: lp could mount a vfat partion marked as 
user mountable in fstab, execute df or mount to gain information about the 
systems topology.
By introducing acl's in late 2.4 and 2.6 (both are the main kernel branches 
for sarge and are used during the installaion), it might be worth the effort 
to introduce default ACLs during the installation process (optional of 
course) in order to protect systems not managed by skilled admins. (rentable 
server, etc.)
What do you think?
Who's in charge with this decision?

Keep smiling
yanosz

Reply to:

Follow-Ups:
- Re: Security issue? Daemon users has to much rights...
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Restore vital organs that shrink with age
Next by Date: OT, spam tips.
Previous by thread: Restore vital organs that shrink with age
Next by thread: Re: Security issue? Daemon users has to much rights...
Index(es):
- Date
- Thread