Date: Wed, 10 Oct 2001 13:10:01 +0100 (BST) From: Gavin Atkinson <gavin@ury.york.ac.uk> To: "Kasper (swebase)" <kasper@swebase.com> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: Rmuser problem Message-ID: <Pine.BSF.4.33.0110101256270.72017-100000@ury.york.ac.uk> In-Reply-To: <001401c1517b$9ca3eae0$f02750d5@swebasekasper>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Oct 2001, Kasper (swebase) wrote: > Matching password entry: > > majordomo:1Yohj.aE4MT0Y:1016:1016::0:0:MajorDomo:/home/majordomo:/bin/csh Can't help you with your problem - but you probably should not be running majordomo as UID 0. The perl scripts are setuid, and there are some pretty large security hoels in it that can give any local user the ability to execute code as the majordomo user, and as far as I am aware, quite a few of these problems and others are still outstanding. Give majordomo a different UID, there is no need for it to be UID 0 anyway. It does need to be in the daemon group however, and it is not easy to make it fully secure. Gavin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0110101256270.72017-100000>