24572 2003-07-16 00:58 0000 stunnel 4.02 uid/gid nobody/nogroup is insecure 2003-10-28 07:23:24 0000 1 1 1 Unclassified Gentoo Linux Applications unspecified All Linux RESOLVED FIXED P2 normal --- 1 raimund@spemaus.de aliz@gentoo.org raimund@spemaus.de 2003-07-16 00:58:20 0000 The config file stunnel.conf which is installed by default attempts to start stunnel setuid nobody and setgid nogroup. Generally it is not advisable to run daemons setuid nobody because if there is more than one such program, they could ptrace or send signals to each other. The ebuild should better create dedicated user and group "stunnel". Reproducible: Always Steps to Reproduce: aliz@gentoo.org 2003-10-28 07:23:24 0000 Incorporated in 4.04-r2, please test.