MAJOR hole in 5.0

Ian Molton spyro at
Tue Sep 23 16:04:45 PDT 2003


I dont want to steal anyones thunder at all by this but anyone who built
a 5.0pre1 is subject to a pretty major security hole.

the 'nobody' user in /etc/passwd is wrong. anyone building 5.0 should
check this is not screwed on their build.

it SHOULD be:


and not:


hole found by voidcore on IRC.

More information about the lfs-dev mailing list