Package: ffproxy Version: 1.6-8 Severity: normal Dear Maintainer,
After installing ffproxy, we see a ffproxy process running as "nobody" (fine) chrooted in a /var/lib/ffproxy (fine), but with all the files in there owned and writable by nobody. $ find /var/lib/ffproxy -ls 282430 4 drwxr-xr-x 4 root root 4096 Jan 12 13:33 /var/lib/ffproxy 283127 4 drwxr-xr-x 3 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/lib 283154 4 drwxr-xr-x 2 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu 283504 44 -rw-r--r-- 1 nobody nogroup 43552 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_nis.so.2 283420 44 -rw-r--r-- 1 nobody nogroup 43552 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_nis-2.13.so 283229 32 -rw-r--r-- 1 nobody nogroup 31584 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_compat.so.2 283363 20 -rw-r--r-- 1 nobody nogroup 18864 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_hesiod.so.2 283458 52 -rw-r--r-- 1 nobody nogroup 51696 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_nisplus-2.13.so 283350 20 -rw-r--r-- 1 nobody nogroup 18864 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_hesiod-2.13.so 283482 52 -rw-r--r-- 1 nobody nogroup 51696 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_nisplus.so.2 283228 32 -rw-r--r-- 1 nobody nogroup 31584 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_compat-2.13.so 283326 48 -rw-r--r-- 1 nobody nogroup 47616 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_files.so.2 283572 80 -rw-r--r-- 1 nobody nogroup 80712 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libresolv.so.2 283271 24 -rw-r--r-- 1 nobody nogroup 22928 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_dns.so.2 283279 48 -rw-r--r-- 1 nobody nogroup 47616 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_files-2.13.so 283568 80 -rw-r--r-- 1 nobody nogroup 80712 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libresolv-2.13.so 283180 88 -rw-r--r-- 1 nobody nogroup 89056 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnsl.so.1 283267 24 -rw-r--r-- 1 nobody nogroup 22928 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_dns-2.13.so 283176 88 -rw-r--r-- 1 nobody nogroup 89056 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnsl-2.13.so 282466 4 drwxr-xr-x 3 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/etc 282554 4 -rw-r--r-- 1 nobody nogroup 516 Jan 12 13:33 /var/lib/ffproxy/etc/nsswitch.conf 282604 4 drwxr-xr-x 4 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy 282646 4 drwxr-xr-x 2 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db 282671 4 -rw-r--r-- 1 nobody nogroup 336 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.rheader.drop 282695 4 -rw-r--r-- 1 nobody nogroup 307 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/access.dyndns 282711 4 -rw-r--r-- 1 nobody nogroup 486 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/access.host 282729 4 -rw-r--r-- 1 nobody nogroup 400 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/access.ip 282761 4 -rw-r--r-- 1 nobody nogroup 298 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.rheader.match 282789 4 -rw-r--r-- 1 nobody nogroup 399 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.url.match 282811 4 -rw-r--r-- 1 nobody nogroup 415 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.rheader.entry 282813 4 -rw-r--r-- 1 nobody nogroup 237 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.header.drop 282829 4 -rw-r--r-- 1 nobody nogroup 713 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.host.match 282845 4 -rw-r--r-- 1 nobody nogroup 327 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.header.match 282881 4 -rw-r--r-- 1 nobody nogroup 464 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.header.add 282915 4 -rw-r--r-- 1 nobody nogroup 495 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.header.entry 282943 4 drwxr-xr-x 2 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html 282962 4 -rw-r--r-- 1 nobody nogroup 234 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/connect 282980 4 -rw-r--r-- 1 nobody nogroup 228 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/invalid 283023 4 -rw-r--r-- 1 nobody nogroup 276 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/post 283072 4 -rw-r--r-- 1 nobody nogroup 254 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/filtered 283090 4 -rw-r--r-- 1 nobody nogroup 229 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/resolve 283124 4 -rw-r--r-- 1 nobody nogroup 3665 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/ffproxy.conf 282490 4 -rw-r--r-- 1 nobody nogroup 3661 Jan 12 13:33 /var/lib/ffproxy/etc/localtime 282534 4 -rw-r--r-- 1 nobody nogroup 124 Jan 12 13:33 /var/lib/ffproxy/etc/resolv.conf 282515 4 -rw-r--r-- 1 nobody nogroup 609 Jan 12 13:33 /var/lib/ffproxy/etc/hosts which defaults the purpose of having a chroot. Files and dirs should be root:root owned and read-only. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages ffproxy depends on: ii libc6 2.13-24 ii lsb-base 3.2-28 ii ucf 3.0025+nmu2 ffproxy recommends no packages. ffproxy suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org