Package: oidentd
Version: 2.0.7-3
Severity: important

oidentd runs as user nobody.
Unlike a few other Unices, Linux does *not* support such a concept as a "nobody" user.

Therefore, breaking into any service that runs as user "nobody" means taking control over *all* services that run as user "nobody". (On Unix with genuine nobody accounts, only one such service would be affected.)

This is a completely unnecessary security risk.

oidentd should get its own user and group account, as most other services already do.
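
An audit for the condition this report describes, added here as an example and not part of the original report: it lists the distinct daemons running under one account and flags the account when more than one service shares it. The function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example: find services that share a single unprivileged account.
# Input on stdin: "USER COMMAND" pairs, one per line, in the format
# produced by `ps -eo user=,comm=`.

# Print the distinct command names running as account $1 (default: nobody).
services_as_user() {
    acct="${1:-nobody}"
    awk -v u="$acct" '$1 == u { print $2 }' | sort -u
}

# Succeed (exit 0) when more than one distinct service runs as account $1,
# i.e. a compromise of one of them reaches the others through the shared UID.
account_is_shared() {
    n=$(services_as_user "$1" | awk 'END { print NR }')
    [ "$n" -gt 1 ]
}

# Constructed sample process list (not taken from a real host).
sample_ps() {
cat <<'EOF'
root sshd
nobody oidentd
nobody dnsmasq
nobody oidentd
www-data apache2
EOF
}

# On a live system:
#   ps -eo user=,comm= | services_as_user nobody
#   ps -eo user=,comm= | account_is_shared nobody && echo "nobody is shared"
```
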

