Bug 625

Summary:	dictd server runs as a user with no name
Product:	Sisyphus	Reporter:	imz <vanyaz>
Component:	dictd	Assignee:	Alexey Dyachenko <alexd>
Status:	CLOSED FIXED	QA Contact:
Severity:	blocker
Priority:	P4	CC:	cheusov, lav
Version:	unstable
Hardware:	all
OS:	Linux

Description imz 2002-02-17 21:32:14 MSK

There is no user for dictd, and by default the server runs as
user with a strange numeric ID:

$ ps -A u | fgrep dict
#65534    1030  0.0  0.0  5012    4 ?        S    Feb07   0:00 dictd 1.5.5: 0/0
$ rpm -q dictd
dictd-1.5.5-ipl2

I think this is bad, because there is no guarantee that no other service uses the same UID as dictd, and so the systm gets less secure.

---
$ sudo service dictd start

---

Comment 1 Dmitry V. Levin 2002-02-18 13:18:10 MSK

I\'ve raised severity of this PR since the bug is a security policy violation.

Comment 2 Dmitry V. Levin 2002-02-18 13:18:10 MSK

I\'ve raised severity of this PR since the bug is a security policy violation.