http://bugzilla.novell.com/show_bug.cgi?id=542051 User suse@tlinx.org added comment http://bugzilla.novell.com/show_bug.cgi?id=542051#c9 L. A. Walsh <suse@tlinx.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |security_vulnerability, | |Systemic Priority|P4 - Low |P3 - Medium Severity|Minor |Normal --- Comment #9 from L. A. Walsh <suse@tlinx.org> 2009-10-09 13:17:29 PDT --- Comments added to bug 540966, title changed to reflect product name. Extra notes added. added tags as security_vulnerability (minor), but unsanitary security practice to have multiple daemons all co-mingling in the 'nobody.nobody' pool Raising this bug's prio P3/Normal (from P4/Minor), since the 'nobody/nobody' issue seems to be systemic.... SuSE should be way past that security detail, IMO, but maybe the security folk I've hung with have overemphasized its importance more than others might consider it....dunno. The group I hung with was also concerned about 'covert' information leakage channels...so that's why this issue is important -- not _usually_ (AFAIK), from a system-corruption problem -- just a system-insecurity. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.