=================== BUG #3254: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3254&group_id=2348
Changes by: Mathieu Roy <[EMAIL PROTECTED]>
Date: Thu 04/17/03 at 20:22 (Europe/Paris)
What | Removed | Added
---------------------------------------------------------------------------
Status | Open | Closed
------------------ Additional Follow-up Comments ----------------------------
Fixed in the CVS. Pdbv now runs as nobody by default.
=================== BUG #3254: FULL BUG SNAPSHOT ===================
Submitted by: yeupou                    Project: Package DataBase View
Submitted on: Thu 04/17/03 at 14:57
Category: core                          Severity: 7
Bug Group: None                         Resolution: None
Assigned to: yeupou                     Status: Closed
Summary: pdbv usually runs as root
Original Submission: Pdbv should not run as root; it compromises the security
of a system, especially if /etc/pdbvrc2 gets too lax a mode/ownership.
"www-data" may be a good choice on Debian systems but this user is not usual on
RedHat-based systems. In this regard, "daemon" is probably a better choice.
I do not think we should define the user with pdbvrc. It's surely better to
just run pdbv as the user who started it; it lets users do what they want. In
addition, we could return a warning message when running pdbv as root.
Modifying /etc/cron.d/pdbv2 should be enough.
Follow-up Comments
*******************
-------------------------------------------------------
Date: Thu 04/17/03 at 20:22 By: yeupou
Fixed in the CVS. Pdbv now runs as nobody by default.
-------------------------------------------------------
Date: Thu 04/17/03 at 14:59 By: yeupou
Or maybe "nobody" can be a correct default user?
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3254&group_id=2348
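
The three checks raised in this report (the user field of the cron.d entry, the mode/ownership of the configuration file, and a warning when started as root), sketched as an added example that is not pdbv's own code or its actual fix. The function names are hypothetical, and a cron.d layout of five time fields (or one @nickname), a user field, then the command is assumed.

```shell
#!/bin/sh
# Added example, not pdbv code. All function names are hypothetical.

# cron_root_entries FILE PATTERN
# Print the entries of a cron.d-style FILE whose command matches PATTERN
# and whose user field is root.
cron_root_entries() {
    awk -v pat="$2" '
        /^[ \t]*(#|$)/ { next }                          # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # NAME=value settings
        {
            # "@daily"-style nicknames replace the five time fields with one
            u = ($1 ~ /^@/) ? 2 : 6
            cmd = ""
            for (i = u + 1; i <= NF; i++) cmd = cmd " " $i
            if ($u == "root" && cmd ~ pat) print
        }' "$1"
}

# config_is_lax FILE OWNER
# Succeed (0) when FILE is group- or world-writable, or is not owned by
# OWNER (user name or numeric uid). Return 1 when it is tight, 2 when it
# does not exist. A symlink is judged on the link itself, not its target.
config_is_lax() {
    [ -e "$1" ] || return 2
    [ -n "$(find "$1" -prune \
        \( -perm -020 -o -perm -002 -o ! -user "$2" \) -print)" ]
}

# warn_if_root [UID]
# Print a warning on stderr and succeed when UID (default: the current
# uid) is 0; return 1 otherwise.
warn_if_root() {
    [ "${1:-$(id -u)}" -eq 0 ] || return 1
    echo "warning: running as root; use an unprivileged account" >&2
}
```

With the paths named in the report, the calls would be `cron_root_entries /etc/cron.d/pdbv2 pdbv` and `config_is_lax /etc/pdbvrc2 root`.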