uidnobody
No user record in our sample, but uidnobody has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but uidnobody has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
You're just making stuff up here, the OP was sent abuse firstly by pottering and handled the situation quite professionally by providing a detailed overview of the issue he posted and responding to the maintainers…
the op was sent harassing messages and insults by the package maintainer, who are you to demand how and where people discuss security issues? the write up on github is very detailed and identifies a vulnerability added…
OP's advisory on this posted to github https://github.com/hackerhouse-opensource/exploits/blob/mast...
so fix the issue by chown the pty created by systemd and give the OP his dues for pointing the issue out, seems like unnecessary flaming beyond that as to why this can be used to freely hijack root permissions with…
in the case of systemd the pty remains user owned once the root program is attached, this allows any user process to read and hijack the root program. sudo, su and doas ymmv. The suggested fix for systemd is to chown…
3rd example, its a pty permission problem as the OP said in his initial post and he suggested a tested fix. https://x.com/hackerfantastic/status/1786485377617846348
https://x.com/hackerfantastic/status/1786485377617846348 gives a 3rd example to explain the problem and suggests a fix. The pty should be chown() to root after a root program is attached.