*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: tinyproxy Tinyproxy's default configuration is to user nobody:nogroup. This is a bad idea if other applications are configured to use nobody or nogroup -- I've filed bugs for other applications about this, so I'm sure it happens -- because unrelated applications can signal each other or use up each other's disk quotas or read shared memory segments. Further, the user 'nobody' exists so NFS servers and other networked file systems have a user they can use for their filesystem tests -- if there are files owned by the user 'nobody', this can grant unexpected access to users via a technique intended to squash all special privileges. ** Affects: tinyproxy (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- please use tinyproxy specific user and group https://bugs.launchpad.net/bugs/590634 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs