Bug 23151 - turn canna server off
Summary: turn canna server off
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: Canna
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Eido Inoue
QA Contact:
URL:
Whiteboard: Florence Beta-3
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-01-02 15:54 UTC by Gerald Teschl
Modified: 2008-05-01 15:37 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-01-22 17:26:23 UTC
Embargoed:

Attachments (Terms of Use)

Description Gerald Teschl 2001-01-02 15:54:44 UTC 
Canna will be started by default. Since this is a security risc it
should not be turned on by default.
Comment 1 Chris Evans 2001-01-02 23:57:01 UTC 
I consider this critical. Don't be fooled by the fact it seems to run as user
"wnn".
That's only the effective user-id, the real user-id is root, so who would be
surprised to get a remote root compromise from this. There was one not long ago,
I'm sure there will be more.

Why is this thing running with root privs anyway? Isn't it some form of font
thing?
Comment 2 Chris Evans 2001-01-03 00:05:23 UTC 
Oops - I'm not sure I mean user "wnn" (that's jserver), I think I mean
user "bin".
The rest is still all correct, including running as root.
Comment 3 Glen Foster 2001-01-11 21:13:53 UTC 
This defect is considered MUST-FIX for Florence Gold release
Comment 4 Matt Wilson 2001-01-22 17:26:19 UTC 
The Canna and FreeWnn packages are now installed if and only if the user selects
"support Japanese" in the installer.  The default for this is off when running
the installer in a language other than Japanese.

It won't even be installed with an Everything install unless you select to
support Japanese in the installer explicitly.
Note You need to log in before you can comment on or make changes to this bug.