You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Morgan Lindqvist (JIRA)" <ji...@apache.org> on 2016/02/23 00:29:18 UTC

[jira] [Updated] (QPID-7090) qpidd should not use root as user

     [ https://issues.apache.org/jira/browse/QPID-7090?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Morgan Lindqvist updated QPID-7090:
-----------------------------------
    Fix Version/s:     (was: qpid-cpp-next)

> qpidd should not use root as user
> ---------------------------------
>
>                 Key: QPID-7090
>                 URL: https://issues.apache.org/jira/browse/QPID-7090
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: qpid-cpp-0.34
>         Environment: Debian/Ubuntu
>            Reporter: Morgan Lindqvist
>            Priority: Minor
>              Labels: features, security
>
> When using the testing PPA on https://launchpad.net/~qpid to install qpidd the daemon is executed using the user id and group id "root".
> The user id and group id that should be used is "qpidd".
> This will significantly reduce the risk the the daemon can be used to get root access on the server.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org