Bug 23151 - turn canna server off
Summary: turn canna server off
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: Canna (Show other bugs)
(Show other bugs)
Version: 7.1
Hardware: i386 Linux
Target Milestone: ---
Assignee: Eido Inoue
QA Contact:
Whiteboard: Florence Beta-3
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-01-02 15:54 UTC by Gerald Teschl
Modified: 2008-05-01 15:37 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-01-22 17:26:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Gerald Teschl 2001-01-02 15:54:44 UTC
Canna will be started by default. Since this is a security risc it
should not be turned on by default.

Comment 1 Chris Evans 2001-01-02 23:57:01 UTC
I consider this critical. Don't be fooled by the fact it seems to run as user
That's only the effective user-id, the real user-id is root, so who would be
surprised to get a remote root compromise from this. There was one not long ago,
I'm sure there will be more.

Why is this thing running with root privs anyway? Isn't it some form of font

Comment 2 Chris Evans 2001-01-03 00:05:23 UTC
Oops - I'm not sure I mean user "wnn" (that's jserver), I think I mean
user "bin".
The rest is still all correct, including running as root.

Comment 3 Glen Foster 2001-01-11 21:13:53 UTC
This defect is considered MUST-FIX for Florence Gold release

Comment 4 Matt Wilson 2001-01-22 17:26:19 UTC
The Canna and FreeWnn packages are now installed if and only if the user selects
"support Japanese" in the installer.  The default for this is off when running
the installer in a language other than Japanese.

It won't even be installed with an Everything install unless you select to
support Japanese in the installer explicitly.

Note You need to log in before you can comment on or make changes to this bug.