Red Hat Bugzilla – Bug 111578
rwhod runs as root
Last modified: 2015-03-04 20:13:11 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6a)
Description of problem:
The rwhod daemon has the ability to drop root privileges on its writer
process. We might as well take advantage of this capability and run
it as a non-priviledged user.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Actual Results: Runs as root.
Expected Results: The writer process should be a non-priviledged user.
Created attachment 96372 [details]
spec file changes to run rwhod as a non-privileged user
Created attachment 96373 [details]
sysv init file changes to run rwhod as a non-privileged user
These patches make rwhod run the writer process as a new user called "rwhod".
As few notes:
the uid for rwhod is 49, which I chose at random. It doesn't seem to conflict
with anything I've been able to find. Is there a registry for system uids
Also, if an existing rwho RPM is updated, any files in /var/spool/rwho owned by
root will not be writable by rwhod, effectively freezing the rwho information
for those hosts in time. Perhaps the spec file should do a chown?
Sounds like a good idea.
Investigating and discussing with folks here.
Read ya, Phil
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Closing per previous comment and lack of response. Also note that FC1 and FC2
are no longer supported even by Fedora Legacy.