FS#43964 - [minidlna] create a user/group instead of using nobody, which is not secure

Attached to Project: Community Packages
Opened by Daniel Micay (thestinger) - Thursday, 26 February 2015, 16:04 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 26 February 2015, 16:49 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sergej Pupykin (sergej)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Among other issues, any process running as `nobody` can ptrace (debug) another process running as `nobody`. Arch enables ptrace_scope by default now, but it can't be relied upon because it's commonly disabled for compatibility or to attach debuggers to your own processes without root access.

It's better to have 2 services running as nobody than both running as root, but it's unnecessary to leave services vulnerable to each other like this. Using nobody rather than root is better in the case where the service is exploited, but it makes the service itself more vulnerable.

Closed by  Sergej Pupykin (sergej)
Thursday, 26 February 2015, 16:49 GMT
Reason for closing:  Fixed
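
A way to audit for the condition the report describes, as an added example that is not part of the original report or the minidlna package: it groups systemd services by their `User=` account and flags any non-root account shared by more than one service, noting whether the Yama `ptrace_scope` value permits same-UID attach. The unit files and the `example-*` service names are constructed for illustration.

```python
from collections import defaultdict

YAMA = "/proc/sys/kernel/yama/ptrace_scope"

# Constructed sample units (not the real package files).
SAMPLE_UNITS = {
    "minidlna.service": "[Unit]\nDescription=media server\n"
                        "[Service]\nUser=nobody\nExecStart=/usr/bin/minidlnad\n",
    "example-proxy.service": "[Service]\n# hypothetical second daemon\n"
                             "User=nobody\nExecStart=/usr/bin/example-proxy\n",
    "example-web.service": "[Service]\nUser=http\nExecStart=/usr/bin/example-web\n",
    "example-root.service": "[Service]\nExecStart=/usr/bin/example-root\n",
}

def service_user(unit_text):
    """Return the User= of the [Service] section; system services default to root."""
    user, section = "root", None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "User":
                user = value.strip() or "root"  # an empty assignment resets it
    return user

def read_ptrace_scope(path=YAMA):
    """Yama setting; 0 (classic same-UID ptrace rules) when Yama is absent."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 0

def shared_accounts(units, ptrace_scope):
    """List non-root accounts used by two or more services."""
    by_user = defaultdict(list)
    for name, text in units.items():
        by_user[service_user(text)].append(name)
    # Scope 0 lets any same-UID process attach; 1 and above restrict attach
    # to descendants or to privileged callers, so unrelated services cannot.
    return [{"user": user, "services": sorted(names),
             "same_uid_ptrace_allowed": ptrace_scope == 0}
            for user, names in sorted(by_user.items())
            if user != "root" and len(names) > 1]

if __name__ == "__main__":
    for finding in shared_accounts(SAMPLE_UNITS, read_ptrace_scope()):
        print(finding)
```

A shared account is reported even when `ptrace_scope` is non-zero, since the setting can be turned off later.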
