Red Hat Bugzilla – Bug 23151
turn canna server off
Last modified: 2008-05-01 11:37:59 EDT
Canna will be started by default. Since this is a security risc it
should not be turned on by default.
I consider this critical. Don't be fooled by the fact it seems to run as user
That's only the effective user-id, the real user-id is root, so who would be
surprised to get a remote root compromise from this. There was one not long ago,
I'm sure there will be more.
Why is this thing running with root privs anyway? Isn't it some form of font
Oops - I'm not sure I mean user "wnn" (that's jserver), I think I mean
The rest is still all correct, including running as root.
This defect is considered MUST-FIX for Florence Gold release
The Canna and FreeWnn packages are now installed if and only if the user selects
"support Japanese" in the installer. The default for this is off when running
the installer in a language other than Japanese.
It won't even be installed with an Everything install unless you select to
support Japanese in the installer explicitly.