*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: origami Origami is using the 'nogroup' group for its group file ownership; instead, a special group must be created in the same fashion as the 'origami' user. 'nogroup' (and 'nobody') exist so that programs, such as NFS daemons, can run with those uids, and reasonably expect to access only files in the filesystem with world (other) read/write access. If there are files with group owner 'nogroup' in the filesystem, then the point of the 'nogroup' group is broken. (The use of nobody/nogroup for overflow uid/gid is unfortunate, and yet another compounding reason why origami shouldn't be using 'nogroup' for file ownership.) Because the files created by origami do need a group owner of some sort, I recommend creating a new group when creating a new user. That way, no other processes on the system get unexpected privileges to the fold...@home files, and fold...@home does not get unexpected privileges to other files that might also be making the same mistake. :) Thanks! ** Affects: origami (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- origami should not use 'nogroup' for group file ownership https://bugs.launchpad.net/bugs/523134 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs