Bug#655578: ffproxy files owned and writable by "nobody"

January 12th, 2012 - 09:10 am ET by Stephane Chazelas
Package: ffproxy
Version: 1.6-8
Severity: normal

Dear Maintainer,

After installing ffproxy, we see a ffproxy process running as
"nobody" (fine) chrooted in a /var/lib/ffproxy (fine), but with
all the files in there owned and writable by nobody.

$ find /var/lib/ffproxy -ls
282430 4 drwxr-xr-x 4 root root 4096 Jan 12 13:33 /var/lib/ffproxy
283127 4 drwxr-xr-x 3 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/lib
283154 4 drwxr-xr-x 2 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu
283504 44 -rw-r--r-- 1 nobody nogroup 43552 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_nis.so.2
283420 44 -rw-r--r-- 1 nobody nogroup 43552 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_nis-2.13.so
283229 32 -rw-r--r-- 1 nobody nogroup 31584 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_compat.so.2
283363 20 -rw-r--r-- 1 nobody nogroup 18864 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_hesiod.so.2
283458 52 -rw-r--r-- 1 nobody nogroup 51696 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_nisplus-2.13.so
283350 20 -rw-r--r-- 1 nobody nogroup 18864 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_hesiod-2.13.so
283482 52 -rw-r--r-- 1 nobody nogroup 51696 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_nisplus.so.2
283228 32 -rw-r--r-- 1 nobody nogroup 31584 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_compat-2.13.so
283326 48 -rw-r--r-- 1 nobody nogroup 47616 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_files.so.2
283572 80 -rw-r--r-- 1 nobody nogroup 80712 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libresolv.so.2
283271 24 -rw-r--r-- 1 nobody nogroup 22928 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_dns.so.2
283279 48 -rw-r--r-- 1 nobody nogroup 47616 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_files-2.13.so
283568 80 -rw-r--r-- 1 nobody nogroup 80712 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libresolv-2.13.so
283180 88 -rw-r--r-- 1 nobody nogroup 89056 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnsl.so.1
283267 24 -rw-r--r-- 1 nobody nogroup 22928 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnss_dns-2.13.so
283176 88 -rw-r--r-- 1 nobody nogroup 89056 Jan 12 13:33 /var/lib/ffproxy/lib/x86_64-linux-gnu/libnsl-2.13.so
282466 4 drwxr-xr-x 3 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/etc
282554 4 -rw-r--r-- 1 nobody nogroup 516 Jan 12 13:33 /var/lib/ffproxy/etc/nsswitch.conf
282604 4 drwxr-xr-x 4 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy
282646 4 drwxr-xr-x 2 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db
282671 4 -rw-r--r-- 1 nobody nogroup 336 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.rheader.drop
282695 4 -rw-r--r-- 1 nobody nogroup 307 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/access.dyndns
282711 4 -rw-r--r-- 1 nobody nogroup 486 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/access.host
282729 4 -rw-r--r-- 1 nobody nogroup 400 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/access.ip
282761 4 -rw-r--r-- 1 nobody nogroup 298 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.rheader.match
282789 4 -rw-r--r-- 1 nobody nogroup 399 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.url.match
282811 4 -rw-r--r-- 1 nobody nogroup 415 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.rheader.entry
282813 4 -rw-r--r-- 1 nobody nogroup 237 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.header.drop
282829 4 -rw-r--r-- 1 nobody nogroup 713 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.host.match
282845 4 -rw-r--r-- 1 nobody nogroup 327 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.header.match
282881 4 -rw-r--r-- 1 nobody nogroup 464 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.header.add
282915 4 -rw-r--r-- 1 nobody nogroup 495 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/db/filter.header.entry
282943 4 drwxr-xr-x 2 nobody nogroup 4096 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html
282962 4 -rw-r--r-- 1 nobody nogroup 234 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/connect
282980 4 -rw-r--r-- 1 nobody nogroup 228 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/invalid
283023 4 -rw-r--r-- 1 nobody nogroup 276 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/post
283072 4 -rw-r--r-- 1 nobody nogroup 254 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/filtered
283090 4 -rw-r--r-- 1 nobody nogroup 229 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/html/resolve
283124 4 -rw-r--r-- 1 nobody nogroup 3665 Jan 12 13:33 /var/lib/ffproxy/etc/ffproxy/ffproxy.conf
282490 4 -rw-r--r-- 1 nobody nogroup 3661 Jan 12 13:33 /var/lib/ffproxy/etc/localtime
282534 4 -rw-r--r-- 1 nobody nogroup 124 Jan 12 13:33 /var/lib/ffproxy/etc/resolv.conf
282515 4 -rw-r--r-- 1 nobody nogroup 609 Jan 12 13:33 /var/lib/ffproxy/etc/hosts

which defeats the purpose of having a chroot. Files and dirs should be
root:root owned and read-only.

Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ffproxy depends on:
ii libc6 2.13-24
ii lsb-base 3.2-28
ii ucf 3.0025+nmu2

ffproxy recommends no packages.

ffproxy suggests no packages.




To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
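
A check for the condition reported above, as an added example that is not part of the bug report or the ffproxy package: it lists anything under a chroot tree that is not owned by the expected user or is group- or world-writable. The function names `audit_chroot` and `make_sample_tree` and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the ffproxy package.
# audit_chroot DIR [UID]
#   Lists entries under DIR that a jailed process could tamper with:
#   "owner <path>"    entry is not owned by UID (default 0, i.e. root)
#   "writable <path>" entry is group- or world-writable (symlinks skipped,
#                     their mode bits are not used for access checks)
#   Returns 0 when the tree is clean, 1 when there is at least one finding.
audit_chroot() {
    dir=$1
    uid=${2:-0}
    findings=$(
        find "$dir" ! -user "$uid" -exec printf 'owner %s\n' {} \;
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'writable %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree: builds a constructed miniature of the layout in the
# report under a temp dir, owned by the caller with modes 755/644, and
# prints its path. The expected owner is passed explicitly to audit_chroot
# so the demo also works without root.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ffproxy/db" "$t/lib"
    : > "$t/etc/ffproxy/ffproxy.conf"
    : > "$t/etc/ffproxy/db/access.ip"
    chmod -R u=rwX,go=rX "$t"      # do not depend on the caller's umask
    ln -s ffproxy.conf "$t/etc/ffproxy/current"
    printf '%s\n' "$t"
}

# Demo: a clean tree passes; one world-writable file is then reported.
tree=$(make_sample_tree)
audit_chroot "$tree" "$(id -u)" && echo "clean: $tree"
chmod 666 "$tree/etc/ffproxy/db/access.ip"
audit_chroot "$tree" "$(id -u)" || echo "findings listed above"
rm -rf "$tree"
```

On an installed system, `audit_chroot /var/lib/ffproxy` checks the tree from the report against root ownership.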

Replies

#1 Stephane Chazelas
January 12th, 2012 - 09:30 am ET
I suppose a fix could be:

ffproxy~ 2011-11-13 14:04:44.000000000 +0000
+++ /etc/init.d/ffproxy 2012-01-12 13:58:45.679406982 +0000
@@ -60,12 +60,10 @@
fi

update_chroot() {
- if [ ! -d "$FFPROXY_CHROOT" ]; then
- mkdir -p "$FFPROXY_CHROOT"
- fi
+ mkdir -p "$FFPROXY_CHROOT"
for f in /etc/localtime /etc/hosts /etc/resolv.conf /etc/nsswitch.conf \
- $(find "$FFPROXY_CONFDIR" -type f -printf '%p ') \
- $(echo /lib/*/libns*so* /lib/*/libresolv*so*) ; do
+ $(find "$FFPROXY_CONFDIR" -type f) \
+ /lib/*/libns*so* /lib/*/libresolv*so* ; do
d=$(dirname "$f")
if [ ! -d "$FFPROXY_CHROOT/$d" ]; then
mkdir -p "$FFPROXY_CHROOT/$d"
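Review bot: the unquoted `$(find "$FFPROXY_CONFDIR" -type f)` in the `for` list is word-split and glob-expanded by the shell, so a file under `$FFPROXY_CONFDIR` whose name contains whitespace or glob characters reaches the loop body as the wrong paths, and when `/lib/*/libns*so*` or `/lib/*/libresolv*so*` matches nothing the literal pattern is passed on as `$f`. Consider starting the loop body with `[ -e "$f" ] || continue` and either documenting that config file names must not contain whitespace or copying the config files with a `find ... -exec` form instead of the `for` list. Separately, the now unconditional `mkdir -p "$FFPROXY_CHROOT"` leaves an already existing directory's owner and mode as they are, which is worth a comment since the point of the change is who can write to this tree.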
@@ -75,9 +73,6 @@
fi
cp "$f" "$FFPROXY_CHROOT/$f"
done
- if [ -n "$FFPROXY_USER" -a -n "$FFPROXY_GROUP" ]; then
- chown -R $FFPROXY_USER:$FFPROXY_GROUP $FFPROXY_CHROOT/*
- fi
}

delete_chroot() {
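Review bot: dropping the `chown -R` block stops new copies from being handed to `$FFPROXY_USER`, but nothing in `update_chroot` resets a tree that an earlier run already chowned: `cp "$f" "$FFPROXY_CHROOT/$f"` over an existing file keeps the destination's owner and mode, and the `mkdir -p` calls leave existing directories untouched. Unless the chroot is always removed first (the body of `delete_chroot` is outside this hunk), add an explicit `chown -R root:root "$FFPROXY_CHROOT"` and `chmod -R go-w "$FFPROXY_CHROOT"` after the loop, which also makes the result independent of the umask the init script runs under.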


Stephane


