Date:      Thu, 20 Sep 2001 16:39:58 -0700 (PDT)
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        stb@freebsd.org
Subject:   ports/30701: setiathome port misuses the 'nobody' user
Message-ID:  <200109202339.f8KNdwr02459@blossom.cjclark.org>

>Number:         30701
>Category:       ports
>Synopsis:       setiathome port misuses the 'nobody' user
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 20 19:50:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Crist J. Clark
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD blossom.cjclark.org 4.3-STABLE FreeBSD 4.3-STABLE #0: Mon Jul 16 14:47:08 PDT 2001 cjc@blossom.cjclark.org:/usr/obj/export/stable/src/sys/BLOSSOM i386

	FreeBSD Ports
>Description:
	As a default, the SETI@Home port uses the user 'nobody' to run
the setiathome application. This is not the proper usage of the
'nobody' account and is a security problem.

	The 'nobody' user was added as the account root is mapped to
when sharing NFS mounts. The intention is to have a user who can
access all files on a filesystem as the world can. That is, NO FILES
SHOULD EVER BE OWNED OR GROUPED TO 'nobody.' Doing so breaks this
security feature of NFS.

	Running setiathome creates a number of files in
/var/db/setiathome owned by 'nobody.' This is a violation of the NFS
security model.

>How-To-Repeat:
	Examine /usr/ports/astro/setiathome/files/setiathome.sh. It
contains the line:

  seti_user=nobody                        # user id to run as

>Fix:
	The default port install should not use 'nobody.' The best way
to go is to add a dedicated user to run setiathome or ask if it should
use an existing user, IMHO. Of course, the user should be prompted
asking whether he wishes to add a user to the system. I can help with
patches to the install process if the maintainer wants a hand fixing
this.
>Release-Note:
>Audit-Trail:
>Unformatted:
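
An added example, not part of the original report or the port: a small sh audit for the two symptoms described above, a start script that sets a `*_user=` variable to 'nobody' and files owned by or grouped to 'nobody'. The function names, the sample file names and the 'setiathome' account in the sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the port): audit for the misuse this report describes.
# Function names are hypothetical; the "*_user=" pattern and paths follow the report.

# Print rc-script lines that set a run-as variable to ACCOUNT,
# e.g. "seti_user=nobody". Exit status 0 means at least one match.
find_runas() {  # usage: find_runas ACCOUNT FILE...
    ra_acct=$1; shift
    grep -nE "^[[:space:]]*[A-Za-z0-9_]*_user=[\"']?${ra_acct}[\"']?([[:space:]]|#|\$)" \
        "$@" /dev/null
}

# List everything under DIR owned by OWNER or grouped to GROUP (names or numeric ids).
owned_by() {  # usage: owned_by DIR OWNER GROUP
    find "$1" \( -user "$2" -o -group "$3" \) -print 2>/dev/null
}

# Combine both checks; returns 1 if either one reports a finding.
audit() {  # usage: audit SCRIPT DATADIR [ACCOUNT]
    au_acct=${3:-nobody}; au_status=0
    if find_runas "$au_acct" "$1"; then
        echo "WARN: $1 starts a program as '$au_acct'"; au_status=1
    fi
    # find exits non-zero for an unknown account or unreadable directory; treat as no hits.
    au_hits=$(owned_by "$2" "$au_acct" "$au_acct") || true
    if [ -n "$au_hits" ]; then
        echo "WARN: under $2, owned by or grouped to '$au_acct':"
        echo "$au_hits"; au_status=1
    fi
    return $au_status
}

# Constructed sample: a temporary copy of the line quoted in the report,
# plus a second script that uses a dedicated (hypothetical) account.
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1/db"
    printf '  seti_user=nobody                        # user id to run as\n' > "$1/bad.sh"
    printf 'seti_user=setiathome   # dedicated account\n' > "$1/good.sh"
}
```

On an affected system the call would be `audit /usr/ports/astro/setiathome/files/setiathome.sh /var/db/setiathome`, run as a user able to read both paths.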
