[Bug 401107] Re: Software runs as root
Fred
eldmannen+launchpad at gmail.com
Mon Jul 20 15:07:20 BST 2009
If that is the only way, then the software is bad, and needs to be fixed
or replaced.
I do not want an insecure system and potentially exploitable system
because of a setup with badly isolated processes and crappy software
that requires superuser privileges.
X.org can be fixed so it wont need to run as root, using kernel mode setting (KMS). OpenBSD is interested in this.
http://www.phoronix.com/scan.php?page=news_item&px=NzM2MA
I don't understand why a network daemon (winbindd from samba) needs root. That is absolutely stupid, and just begging to get hacked.
It cant be much different from a HTTP or FTP server, and running that as root would be stupid.
In dhcp3 there was recently discovered several security vulnerabilities. How convenient that it runs as root.
http://www.debian.org/security/2009/dsa-1833
** Description changed:
- Binary package hint: cups
-
Software runs as root.
This is bad, it should not run as a superuser, it is dangerous in terms of system security. This is unsafe.
It should safely run as a non-privileged user.
Following the principle of least privilege.
http://en.wikipedia.org/wiki/Principle_of_least_privilege
** Changed in: xorg-server (Ubuntu)
Status: Invalid => Confirmed
--
Software runs as root
https://bugs.launchpad.net/bugs/401107
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.
More information about the Ubuntu-server-bugs
mailing list