Message-Id: <200109202339.f8KNdwr02459@blossom.cjclark.org>
Date: Thu, 20 Sep 2001 16:39:58 -0700 (PDT)
From: "Crist J. Clark"
Reply-To: "Crist J. Clark"
To: FreeBSD-gnats-submit@freebsd.org
Cc: stb@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/30701: setiathome port misuses the 'nobody' user

>Number:         30701
>Category:       ports
>Synopsis:       setiathome port misuses the 'nobody' user
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 20 19:50:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Crist J. Clark
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD blossom.cjclark.org 4.3-STABLE FreeBSD 4.3-STABLE #0: Mon Jul 16 14:47:08 PDT 2001 cjc@blossom.cjclark.org:/usr/obj/export/stable/src/sys/BLOSSOM i386

FreeBSD Ports

>Description:
As a default, the SETI@Home port uses the user 'nobody' to run the
setiathome application. This is not the proper usage of the 'nobody'
account and is a security problem.

The 'nobody' user was added as the account root is mapped to when
sharing NFS mounts. The intention is to have a user who can access all
files on a filesystem as the world can. That is, NO FILES SHOULD EVER BE
OWNED OR GROUPED TO 'nobody.' Doing so breaks this security feature of
NFS.

Running setiathome creates a number of files in /var/db/setiathome owned
by 'nobody.' This is a violation of the NFS security model.

>How-To-Repeat:
Examine /usr/ports/astro/setiathome/files/setiathome.sh. It contains
the line,

    seti_user=nobody # user id to run as

>Fix:
The default port install should not use 'nobody.' The best way to go is
to add a dedicated user to run setiathome or ask if it should use an
existing user, IMHO. Of course, the user should be prompted asking
whether he wishes to add a user to the system.

I can help with patches to the install process if the maintainer wants a
hand fixing this.

>Release-Note:
>Audit-Trail:
>Unformatted:
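
A defender-side audit for the condition the report describes, as an added example that is not part of the report or the port: it flags startup scripts that assign a given account to a `*user=` variable and lists files owned by or grouped to that account. The function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the port or the report). Function names and the
# sample script below are assumptions constructed for illustration.

# Print "file:line:text" for every uncommented shell assignment of the form
# <name>user=<account>, e.g. the report's line:
#   seti_user=nobody # user id to run as
scripts_running_as() {
    account=$1; shift
    # /dev/null as an extra operand makes grep print the file name
    # even when only one script is given.
    grep -nE "^[[:space:]]*[A-Za-z0-9_]*user=[\"']?${account}[\"']?([[:space:]#;]|\$)" \
        "$@" /dev/null
}

# List files under DIR ($3) that are owned by USER ($1) or grouped to
# GROUP ($2). Names or numeric ids are accepted, as find(1) allows both.
files_owned_by() {
    find "$3" \( -user "$1" -o -group "$2" \) -print
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: a startup script carrying the line quoted in the report.
    printf '%s\n' '#!/bin/sh' 'seti_user=nobody # user id to run as' \
        > "$tmp/setiathome.sh"
    scripts_running_as nobody "$tmp/setiathome.sh"
    rm -rf "$tmp"
    # On a host where the port has run, list what it left behind in the
    # directory named in the report.
    if [ -d /var/db/setiathome ]; then
        files_owned_by nobody nobody /var/db/setiathome 2>/dev/null || :
    fi
}

demo
```

On a real host, pass the installed startup scripts to `scripts_running_as` and point `files_owned_by` at each locally mounted filesystem that is exported over NFS.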