qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Ross (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-7090) qpidd should not use root as user
Date Thu, 10 Mar 2016 15:29:40 GMT

     [ https://issues.apache.org/jira/browse/QPID-7090?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Justin Ross updated QPID-7090:
------------------------------
    Assignee: Irina Boverman  (was: Ken Giusti)

> qpidd should not use root as user
> ---------------------------------
>
>                 Key: QPID-7090
>                 URL: https://issues.apache.org/jira/browse/QPID-7090
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: qpid-cpp-0.34
>         Environment: Debian/Ubuntu
>            Reporter: Morgan Lindqvist
>            Assignee: Irina Boverman
>            Priority: Minor
>              Labels: features, security
>
> When using the testing PPA on https://launchpad.net/~qpid to install qpidd the daemon
is executed using the user id and group id "root".
> The user id and group id that should be used is "qpidd".
> This will significantly reduce the risk the the daemon can be used to get root access
on the server.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message