On Mon, Jul 18, 2016 at 2:45 PM, Sam Varshavchik <mr...@courier-mta.com> wrote:
> Lennart Poettering writes:
>
>> On Fedora, we currently have a "nobody" user that is defined to UID
>> 99. It's defined unconditionally like this. To my knowledge there's no
>> actual use of this user at all in Fedora however.
>
>
> I see distccd running as the nobody user.
>
> I also see dnsmasq running as the nobody user.

This practice needs to end.  For example, unless the offending code
uses a PID namespace, you can ptrace another 'nobody' process, steal
an fd pointing out of the chroot, and break out.
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
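
An audit for the situation discussed in this thread, as an added example that is not part of the original messages: it groups processes by UID and PID namespace and reports UIDs shared by more than one distinct service in the same namespace. The `ps -eo pid,uid,pidns,comm` output below is a constructed sample, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample of `ps -eo pid,uid,pidns,comm` output (not from a real host).
SAMPLE_PS = """\
  PID   UID      PIDNS COMMAND
    1     0 4026531836 systemd
  812    99 4026531836 dnsmasq
  907    99 4026531836 distccd
  911    99 4026531836 distccd
 1204    99 4026532501 httpd
 1399   996 4026531836 chronyd
"""

def parse_ps(text):
    """Yield (pid, uid, pidns, comm), skipping the header and malformed rows."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        pid, uid, pidns, comm = parts
        if not (uid.isdigit() and pidns.isdigit()):
            continue  # ps prints "-" when the namespace cannot be read
        yield int(pid), int(uid), int(pidns), comm.strip()

def shared_uid_findings(text, ignore_uids=(0,)):
    """Map (uid, pidns) -> sorted command names where more than one
    distinct service runs under the same UID in the same PID namespace."""
    groups = defaultdict(set)
    for _pid, uid, pidns, comm in parse_ps(text):
        if uid not in ignore_uids:
            groups[(uid, pidns)].add(comm)
    return {key: sorted(cmds) for key, cmds in groups.items() if len(cmds) > 1}

if __name__ == "__main__":
    for (uid, pidns), cmds in sorted(shared_uid_findings(SAMPLE_PS).items()):
        print(f"uid {uid} in pidns {pidns} is shared by: {', '.join(cmds)}")
```

Each reported pair is a candidate for a dedicated per-service account, so that no two unrelated daemons share one UID.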
