Univention Bugzilla – Bug 49043
univention-novnc runs as root
Last modified: 2023-06-28 10:46:15 CEST
/etc/init.d/univention-novnc:49
> start-stop-daemon --start ... --user novnc ...
is only a *check*, so `websockify` runs as user 'root'; `--chuid` is the right option to use.

Our version of noVNC is quite old and contains at least one known security vulnerability (Bug #35428: CVE-2013-7436). My current reading is that it cannot be used to get access to the host system. Nevertheless the network-facing daemon should not run as user 'root'.

UCS technical training 2019-03-21/22
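
A static check for the mistake described in this report, as an added example that is not part of the original report or of Univention's code: it flags `start-stop-daemon --start` calls in an init script that pass `--user` without `--chuid`. The sample fragments, the `exampled` daemon path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): flag "start-stop-daemon --start"
# calls that pass --user/-u, which only filters which processes are matched,
# without --chuid/-c, which is what changes the uid before exec.

# audit_ssd FILE: print one finding per offending call; return 1 if any.
audit_ssd() {
    awk '
    /^[ \t]*#/ { next }                        # skip comment lines
    { if (!first) first = NR; cmd = cmd $0 }
    /\\$/ { sub(/\\$/, " ", cmd); next }       # join backslash continuations
    {
        padded = " " cmd " "
        sub(/[ \t]--[ \t].*/, " ", padded)     # drop args passed to the daemon
        if (padded ~ /start-stop-daemon[ \t]/ &&
            padded ~ /[ \t](--start|-S)[ \t]/ &&
            padded ~ /[ \t](--user|-u)[ \t=]/ &&
            padded !~ /[ \t](--chuid|-c)[ \t=]/) {
            printf "%s:%d: --user without --chuid\n", FILENAME, first
            bad = 1
        }
        cmd = ""; first = 0
    }
    END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR: constructed init-script fragments (hypothetical daemon).
write_samples() {
    cat > "$1/bad.sh" <<'EOF'
# constructed sample: --user only, the daemon keeps the uid of the caller
start-stop-daemon --start --quiet --background \
    --user novnc --exec /usr/local/bin/exampled -- -c /etc/exampled.conf
EOF
    cat > "$1/good.sh" <<'EOF'
# constructed sample: --chuid drops privileges, --user stays as the match filter
start-stop-daemon --start --quiet --background \
    --chuid novnc --user novnc --exec /usr/local/bin/exampled
EOF
}
```

On a running host, `ps -o user= -C websockify` shows which user the daemon actually runs as.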
UVMM and virtualization with UCS is deprecated and will no longer be developed in UCS 4.4; they have already been removed from UCS 5.0.