On Mon, Jul 18, 2016 at 2:45 PM, Sam Varshavchik <mrsam(a)courier-mta.com> wrote:
Lennart Poettering writes:
> On Fedora, we currently have a "nobody" user that is defined to UID
> 99. It's defined unconditionally like this. To my knowledge there's no
> actual use of this user at all in Fedora however.

I see distccd running as the nobody user.
I also see dnsmasq running as the nobody user.

This practice needs to end. For example, unless the offending code
uses a PID namespace, you can ptrace another 'nobody' process, steal
an fd pointing out of the chroot, and break out.
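
An added example, not part of the original thread: a small audit that lists distinct services sharing UID 99 inside one PID namespace, which is the condition the last message describes. The function names and the sample records are assumptions constructed for illustration.

```python
import os
from collections import defaultdict

NOBODY_UID = 99  # Fedora's "nobody" UID as stated in the thread


def read_procs(proc="/proc"):
    """Yield (pid, real uid, comm, pidns) for each live process (Linux only)."""
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc}/{entry}/status") as fh:
                fields = dict(line.split(":\t", 1) for line in fh if ":\t" in line)
            pidns = os.readlink(f"{proc}/{entry}/ns/pid")
        except OSError:
            continue  # process exited, or namespace link not readable (run as root)
        yield int(entry), int(fields["Uid"].split()[0]), fields["Name"].strip(), pidns


def shared_uid_exposure(procs, uid=NOBODY_UID):
    """Return {pidns: sorted service names} where more than one service shares uid.

    Grouping by PID namespace is a simplification: a process in an ancestor
    namespace can still see processes in its descendant namespaces.
    """
    groups = defaultdict(set)
    for _pid, puid, comm, pidns in procs:
        if puid == uid:
            groups[pidns].add(comm)
    return {ns: sorted(names) for ns, names in groups.items() if len(names) > 1}


# Constructed sample records (pid, uid, comm, pidns), not taken from a real host.
SAMPLE = [
    (812, 99, "dnsmasq", "pid:[4026531836]"),
    (977, 99, "distccd", "pid:[4026531836]"),
    (978, 99, "distccd", "pid:[4026531836]"),
    (1203, 99, "sandboxed", "pid:[4026532511]"),
    (1, 0, "systemd", "pid:[4026531836]"),
]

if __name__ == "__main__":
    for ns, names in shared_uid_exposure(SAMPLE).items():
        print(f"UID {NOBODY_UID} shared in {ns}: {', '.join(names)}")
```

On a live host, pass `read_procs()` instead of `SAMPLE`; each reported group is a set of services that would be better served by dedicated per-service UIDs.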