qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Irina Boverman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7090) qpidd should not use root as user
Date Fri, 11 Mar 2016 20:26:43 GMT

    [ https://issues.apache.org/jira/browse/QPID-7090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15191462#comment-15191462
] 

Irina Boverman commented on QPID-7090:
--------------------------------------

Resolved in qpid-cpp (0.34-3trusty+qpid1).

> qpidd should not use root as user
> ---------------------------------
>
>                 Key: QPID-7090
>                 URL: https://issues.apache.org/jira/browse/QPID-7090
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: qpid-cpp-0.34
>         Environment: Debian/Ubuntu
>            Reporter: Morgan Lindqvist
>            Assignee: Irina Boverman
>            Priority: Minor
>              Labels: features, packaging, security
>
> When using the testing PPA on https://launchpad.net/~qpid to install qpidd the daemon
is executed using the user id and group id "root".
> The user id and group id that should be used is "qpidd".
> This will significantly reduce the risk the the daemon can be used to get root access
on the server.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message