Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
| Bug#: 24572 | Product: Gentoo Linux | Version: unspecified | Platform: All |
| OS/Version: Linux | Status: RESOLVED | Severity: normal | Priority: P2 |
| Resolution: FIXED | Assigned To: aliz@gentoo.org | Reported By: raimund@spemaus.de | |
| Component: Applications | |||
| URL: | |||
| Summary: stunnel 4.02 uid/gid nobody/nogroup is insecure | |||
| Keywords: | |||
| Status Whiteboard: | |||
| Opened: 2003-07-16 00:58 0000 | |||
| Description: | Opened: 2003-07-16 00:58 0000 |
The config file stunnel.conf which is installed by default attempts to start stunnel setuid nobody and setgid nogroup. Generally it is not advisable to run daemons setuid nobody because if there is more than one such program, they could ptrace or send signals to each other. The ebuild should better create dedicated user and group "stunnel". Reproducible: Always Steps to Reproduce:
Incorporated in 4.04-r2, please test.