qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Irina Boverman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7090) qpidd should not use root as user
Date Wed, 09 Mar 2016 15:17:40 GMT

    [ https://issues.apache.org/jira/browse/QPID-7090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15187226#comment-15187226

Irina Boverman commented on QPID-7090:

Can you please tell me how did you start qpidd and what was the Ubuntu version?

> qpidd should not use root as user
> ---------------------------------
>                 Key: QPID-7090
>                 URL: https://issues.apache.org/jira/browse/QPID-7090
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: qpid-cpp-0.34
>         Environment: Debian/Ubuntu
>            Reporter: Morgan Lindqvist
>            Assignee: Ken Giusti
>            Priority: Minor
>              Labels: features, security
> When using the testing PPA on https://launchpad.net/~qpid to install qpidd the daemon
is executed using the user id and group id "root".
> The user id and group id that should be used is "qpidd".
> This will significantly reduce the risk the the daemon can be used to get root access
on the server.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message