From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a) Gecko/20031030 Description of problem: The rwhod daemon has the ability to drop root privileges on its writer process. We might as well take advantage of this capability and run it as a non-priviledged user. Version-Release number of selected component (if applicable): rwho-0.17-19 How reproducible: Always Steps to Reproduce: Run rwhod. Actual Results: Runs as root. Expected Results: The writer process should be a non-priviledged user.
Created attachment 96372 [details] spec file changes to run rwhod as a non-privileged user
Created attachment 96373 [details] sysv init file changes to run rwhod as a non-privileged user These patches make rwhod run the writer process as a new user called "rwhod". As few notes: the uid for rwhod is 49, which I chose at random. It doesn't seem to conflict with anything I've been able to find. Is there a registry for system uids somewhere? Also, if an existing rwho RPM is updated, any files in /var/spool/rwho owned by root will not be writable by rwhod, effectively freezing the rwho information for those hosts in time. Perhaps the spec file should do a chown?
Sounds like a good idea. Investigating and discussing with folks here. Read ya, Phil
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
Closing per previous comment and lack of response. Also note that FC1 and FC2 are no longer supported even by Fedora Legacy.