Date: Thu, 20 Sep 2001 16:39:58 -0700 (PDT)
From: "Crist J. Clark" <cristjc@earthlink.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: stb@freebsd.org
Subject: ports/30701: setiathome port misuses the 'nobody' user
Message-ID: <200109202339.f8KNdwr02459@blossom.cjclark.org>

>Number:         30701
>Category:       ports
>Synopsis:       setiathome port misuses the 'nobody' user
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 20 19:50:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Crist J. Clark
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD blossom.cjclark.org 4.3-STABLE FreeBSD 4.3-STABLE #0: Mon Jul 16 14:47:08 PDT 2001 cjc@blossom.cjclark.org:/usr/obj/export/stable/src/sys/BLOSSOM i386

	FreeBSD Ports

>Description:
	As a default, the SETI@Home port uses the user 'nobody' to run
the setiathome application. This is not the proper usage of the 'nobody'
account and is a security problem.

	The 'nobody' user was added as the account root is mapped to
when sharing NFS mounts. The intention is to have a user who can access
all files on a filesystem as the world can. That is, NO FILES SHOULD
EVER BE OWNED OR GROUPED TO 'nobody.' Doing so breaks this security
feature of NFS.

	Running setiathome creates a number of files in /var/db/setiathome
owned by 'nobody.' This is a violation of the NFS security model.

>How-To-Repeat:
	Examine /usr/ports/astro/setiathome/files/setiathome.sh. It
contains the line,

	seti_user=nobody # user id to run as

>Fix:
	The default port install should not use 'nobody.' The best way
to go is to add a dedicated user to run setiathome or ask if it should
use an existing user, IMHO. Of course, the user should be prompted
asking whether he wishes to add a user to the system.

	I can help with patches to the install process if the maintainer
wants a hand fixing this.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
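
The check described in the report, written out as an added example (it is not part of the original message or of the port): it reads the `seti_user` setting from the startup script and lists anything under the data directory that is owned by or grouped to 'nobody'. The function names are hypothetical; the two paths and the variable name are the ones quoted in the report.

```shell
#!/bin/sh
# Added example (not from the port). Function names are hypothetical;
# the paths and the seti_user variable are the ones quoted in the report.

# Print the value an rc-style script assigns to a variable, with any
# trailing "# comment", whitespace and quotes stripped.
configured_user() {    # $1 = script path, $2 = variable name
    sed -n "s/^[[:space:]]*$2=\([^#[:space:]]*\).*/\1/p" "$1" |
        head -n 1 | tr -d "\"'"
}

# List entries under a directory that are owned by, or grouped to, the
# given account (name or numeric id). -xdev keeps find on one filesystem.
owned_or_grouped() {   # $1 = directory, $2 = user, $3 = group
    find "$1" -xdev \( -user "$2" -o -group "$3" \) -print 2>/dev/null || true
}

# Return 1 if the startup script runs the client as 'nobody', or if the
# data directory holds entries owned by or grouped to the audited account.
audit() {              # $1 = script, $2 = data dir, [$3 = user, $4 = group]
    acct=${3:-nobody} grp=${4:-nobody} rc=0
    if [ "$(configured_user "$1" seti_user)" = "nobody" ]; then
        echo "FAIL: $1 sets seti_user=nobody"
        rc=1
    fi
    if [ -d "$2" ]; then
        hits=$(owned_or_grouped "$2" "$acct" "$grp")
        if [ -n "$hits" ]; then
            echo "FAIL: entries under $2 owned by or grouped to $acct/$grp:"
            echo "$hits" | sed 's/^/  /'
            rc=1
        fi
    fi
    return "$rc"
}

# Usage with the paths from the report:
#   audit /usr/ports/astro/setiathome/files/setiathome.sh /var/db/setiathome
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

The optional third and fourth arguments to `audit` let the same scan be pointed at a different account, for example to confirm that a dedicated user owns the data directory after the fix.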