Bug 23151
Summary: | turn canna server off | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Gerald Teschl <gt> |
Component: | Canna | Assignee: | Eido Inoue <havill> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.1 | CC: | chris, notting |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | Florence Beta-3 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2001-01-22 17:26:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Gerald Teschl
2001-01-02 15:54:44 UTC
I consider this critical. Don't be fooled by the fact it seems to run as user "wnn". That's only the effective user-id, the real user-id is root, so who would be surprised to get a remote root compromise from this. There was one not long ago, I'm sure there will be more. Why is this thing running with root privs anyway? Isn't it some form of font thing? Oops - I'm not sure I mean user "wnn" (that's jserver), I think I mean user "bin". The rest is still all correct, including running as root. This defect is considered MUST-FIX for Florence Gold release The Canna and FreeWnn packages are now installed if and only if the user selects "support Japanese" in the installer. The default for this is off when running the installer in a language other than Japanese. It won't even be installed with an Everything install unless you select to support Japanese in the installer explicitly. |