> Ok, the example wasn't good.
> It was a long day for me, thus, please forgive me that slip-up.
>
This is certainly a much better example, but:
> On example, many httpd servers works with the same privilages,
> it means that you can read any CGI temporary file, and other
> files readable only by CGI scripts.
httpd servers shouldn't be running as user nobody they should be
running as user www or something similar.
> I think about a case where a CGI script saves some important
> information in a temporary file, like PHP do with the sessions:
>
> -rw------- 1 nobody nobody 329 May 14 12:16 /tmp/sess_0cd156a633
The bug is in one of PHP/CGI/httpd NOT in in.fingerd.
nobody has a very special meaning, it is the user id that root gets mapped
to over NFS. It was created for that reason and that reason alone, it
is NOT a general purpose account to run daemons or cgi or anything else
under. If applications need to run as a user other than root then they
should have a user for that application, eg Oracle DB server runs as
the user oracle.
in.fingerd is a special case and it is running as nobody explicitly because
there should be no sensitive files that are owned by the nobody user. If
you have a system where there are local files that are owned by nobody
then you have a configuration error or a bug in another application but it
isn't in.fingerd's problem.
--
Darren J Moffat
