Sobby (the Gobby server) runs as root by default
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sobby (Ubuntu) |
Fix Released
|
Wishlist
|
Philipp Kern |
Bug Description
Binary package hint: sobby
This was asked on the ubuntu-users mailing list: https:/
To check this, I installed sobby and this was what I found:
Immediately after installation
bladernr@
root 13000 0.0 0.0 62828 3588 ? S 17:52 0:00 /usr/bin/sobby
And a restart...
bladernr@
* Stopping sobby [ OK ]
* Starting sobby [ OK ]
bladernr@
root 13555 3.0 0.0 62828 3580 ? S 18:02 0:00 /usr/bin/sobby
I'm not sure what the compromise potential is for sobby, but I really do NOT like services like this running as root. Am I crazy, or shouldn't sobby be running as a non-privileged user like other internet accessible services?
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: sobby 0.4.5-1ubuntu2
ProcVersionSign
Uname: Linux 2.6.32-22-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Tue Jun 15 18:00:48 2010
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
ProcEnviron:
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: sobby
Agreed that sobby should not run as root; another useful thing to do would be to develop an AppArmor profile for it.