I think calling it a security vulnerability is too harsh, there hasn't
been any exploit in Sobby until now. It's unnecessary, though. I'll
take care of it in Debian by providing an init script that uses a system
user for Sobby, with proper usage of session serialization too.
** Changed in: sobby (Ubuntu)
Assignee: (unassigned) => Philipp Kern (pkern)
--
Sobby (the Gobby server) runs as root by default
https://bugs.launchpad.net/bugs/594857
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
