Your message dated Thu, 26 Jun 2008 21:02:11 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#50859: fixed in xfs 1:1.0.8-1.1
has caused the Debian Bug report #50859,
regarding xfs: daemon runs as root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
50859: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=50859
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: xfs
Version: 3.3.5-2
Severity: critical

xfs is run as root by default.

xfs has had a bad history of security flaws, and does not require root privileges, therefore it should NOT be run as root.

Since xfs creates and writes files (in /tmp) it should be given its own user to run as, rather than nobody or daemon. (See debian-devel archives for discussion on this: "Re: Logs and Permissions for Daemons".)

[EMAIL PROTECTED] ~]$ ps aux | grep xfs
root    233  0.0  0.9  2088 1200 ?      S       20:50   0:00 /usr/bin/X11/xfs
root    238  0.0  0.5  1680 1200 ?      S       20:50   0:00 /usr/bin/X11/xfstt --port 7101 --daemon --user nobody



Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/

--- End Message ---
--- Begin Message ---
Source: xfs
Source-Version: 1:1.0.8-1.1

We believe that the bug you reported is fixed in the latest version of
xfs, which is due to be installed in the Debian FTP archive:

xfs_1.0.8-1.1.diff.gz
  to pool/main/x/xfs/xfs_1.0.8-1.1.diff.gz
xfs_1.0.8-1.1.dsc
  to pool/main/x/xfs/xfs_1.0.8-1.1.dsc
xfs_1.0.8-1.1_i386.deb
  to pool/main/x/xfs/xfs_1.0.8-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <[EMAIL PROTECTED]> (supplier of updated xfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 26 Jun 2008 22:45:42 +0200
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.8-1.1
Distribution: unstable
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Petter Reinholdtsen <[EMAIL PROTECTED]>
Description: 
 xfs        - X font server
Closes: 50859 481758
Changes: 
 xfs (1:1.0.8-1.1) unstable; urgency=low
 .
   * Non-maintainer upload to fix RC bug.
   * Run xfs process as user nobody by default (Closes: #50859).  Patch
     from Petter Reinholdtsen.
   * Build with -DUSE_SYSLOG to get the syslog option to work, to avoid
     log rotation issue when xfs is running as a non-privileged
     user (Closes: 481758).  Patch from Sven Joachim.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIZAFt20zMSyow1ykRAsWxAJsHoIP0bd3hBCze1gq2abi4mz61sgCgoqF4
JtWtgs16zijue7EzL7fTmDI=
=mwQA
-----END PGP SIGNATURE-----



--- End Message ---
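
Added example (not part of the bug report or of the Debian package): a Python check over ps aux output that reports which account each font-server process runs under, separating root, the shared accounts nobody and daemon that the report advises against, and a dedicated account. The first two sample lines are the ps output quoted in the report; the last two lines, the account name xfsuser, and the function names are constructed for illustration.

```python
import os

WATCHED = {"xfs", "xfstt"}              # daemons named in the report
SHARED_ACCOUNTS = {"nobody", "daemon"}  # accounts shared with other services

# Lines 1-2: ps output quoted in the report. Lines 3-4: constructed samples;
# the account name "xfsuser" is hypothetical.
SAMPLE_PS = """\
root    233  0.0  0.9  2088 1200 ?      S       20:50   0:00 /usr/bin/X11/xfs
root    238  0.0  0.5  1680 1200 ?      S       20:50   0:00 /usr/bin/X11/xfstt --port 7101 --daemon --user nobody
nobody  301  0.0  0.9  2088 1200 ?      S       21:10   0:00 /usr/bin/X11/xfs
xfsuser 355  0.0  0.9  2088 1200 ?      S       21:15   0:00 /usr/bin/X11/xfs
"""


def classify(user):
    """Map the USER column of ps to a least-privilege verdict."""
    if user in ("root", "0"):
        return "root"
    if user in SHARED_ACCOUNTS:
        return "shared"
    return "dedicated"


def audit(ps_text):
    """Return (pid, daemon, user, verdict) for each watched daemon in ps aux output."""
    findings = []
    for line in ps_text.splitlines():
        # ps aux has 11 columns; the last one (COMMAND) may contain spaces.
        fields = line.split(None, 10)
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header, blank or truncated line
        user, pid, command = fields[0], int(fields[1]), fields[10]
        daemon = os.path.basename(command.split()[0])
        if daemon in WATCHED:
            findings.append((pid, daemon, user, classify(user)))
    return findings


if __name__ == "__main__":
    for pid, daemon, user, verdict in audit(SAMPLE_PS):
        print(f"{daemon:6} pid={pid:<5} user={user:8} -> {verdict}")
```

The verdict comes from the USER column, not from the command line: pid 238 is reported as root even though its arguments include --user nobody, because that is what ps shows for it in the report.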
