On Thu, 30 Nov 2000, kmself@ix.netcom.com wrote: > on Thu, Nov 30, 2000 at 04:37:47PM -0200, Henrique M Holschuh (hmh+debianml@rcm.org.br) wrote: > > 'nobody' is a 'system' user. User 'nobody' should never ever have ANY files > > in the filesystem (if it does, that's probably a security hole), and should > -rw-rw---- 1 nobody mail 12487 Jun 2 2000 > /var/spool/mail/nobody You should probably have nobody as an alias for root in your email routing... (and root as an alias for someone else, actually). > /tmp/.font-unix: > total 0 > srwxrwxrwx 1 nobody nogroup 0 Nov 19 04:02 fs7100 > srwxr-xr-x 1 root root 0 Nov 19 04:02 fs7101 For Xfree86 3.3.6 I think one could crash an Xserver by killing the font server. It's a good thing that unliking a socket won't kill the pipe of anything that has opened it already... (AFAIK, that is). Anyway, the above are not security risks. Do notice the sticky bit set in the directory. > I'm not sure that nobody should own *no* files. But files owned by > nobody *should* be minimized. Note that nobody is just another Yes, indeed. 'nobody' should own only files that in no way allow a security compromise. > In some cases, daemons run as 'nobody' (apache under RH, I believe), and > it may be necessary to create temporary files as 'nobody'. > > Other thoughts? Filesystem races are a major problem, if the daemon running as 'nobody' does not act in an extremely paranoid way when creating its temp files. This is a rather common exploit technique. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Attachment:
pgphCEvdk2nff.pgp
Description: PGP signature