Bug#997977: /lib/systemd/system/monopd.service:8: Special user nobody configured, this is not safe!
Jason L. Quinn
jason.lee.quinn+debian at gmail.com
Thu Oct 28 07:24:04 BST 2021
Package: monopd
Version: 0.10.2-4
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: jason.lee.quinn+debian at gmail.com, Debian Security Team <team at security.debian.org>
Dear Maintainer,
Recently upgraded from Buster to Bullseye. I'm not perusing
"journalctl --boot" looking for errors and warnings and submitting
bug reports as I tend to do after a Debian upgrade. One of the curious
lines in my journal logs was
/lib/systemd/system/monopd.service:8: Special user nobody configured, this is
not safe!
This does indeed appear to be a valid systemd warning. See commit at
https://github.com/systemd/systemd/commit/bed0b7dfc0070e920d00c89d9a4fd4db8d974cf0
Marked as grave as per bug descriptions in the reportbug tool (introduces a
security hole).
Cheers,
Jason
-- System Information:
Debian Release: 11.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-9-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages monopd depends on:
ii libc6 2.31-13+deb11u2
ii libgcc-s1 10.2.1-6
ii libmuparser2v5 2.2.6.1+dfsg-1
ii libstdc++6 10.2.1-6
ii libsystemd0 247.3-6
ii lsb-base 11.1.0
monopd recommends no packages.
Versions of packages monopd suggests:
ii gtkatlantic 0.6.3-1
More information about the Pkg-games-devel
mailing list