*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: tinyproxy
Tinyproxy's default configuration is to user nobody:nogroup.
This is a bad idea if other applications are configured to use nobody or
nogroup -- I've filed bugs for other applications about this, so I'm
sure it happens -- because unrelated applications can signal each other
or use up each other's disk quotas or read shared memory segments.
Further, the user 'nobody' exists so NFS servers and other networked
file systems have a user they can use for their filesystem tests -- if
there are files owned by the user 'nobody', this can grant unexpected
access to users via a technique intended to squash all special
privileges.
** Affects: tinyproxy (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
please use tinyproxy specific user and group
https://bugs.launchpad.net/bugs/590634
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
