Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 212919

Summary: nobody's home is /
Product: Gentoo Security Reporter: Julien Cayzac <julien.cayzac+gentoo>
Component: Default ConfigsAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
URL: http://trac.lighttpd.net/trac/ticket/1587
Whiteboard:
Package list:
Runtime testing required: ---

Description Julien Cayzac 2008-03-10 11:26:37 UTC 
With Gentoo's default install, the home directory for the user "nobody" is set to "/".
This can lead to some serious security problems such as the one I sent to the lighttpd team (see the link above)
A solution would be to have nobody's home point to a non existent directory.

ps> I don't know what severity I should assign to this one since nothing "crashes" :-/


Reproducible: Always
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2008-03-10 11:29:34 UTC 

*** This bug has been marked as a duplicate of bug 150159 ***