Package: rpcbind Version: 0.2.3-0.5 Severity: normal Hi,
On other distributions, the rpcbind daemon is running as "rpc" user instead than root. Debian maybe should also drop the root privileges after the daemon has started, this would improve the security IMHO. Regards, Laurent Bigonville -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages rpcbind depends on: ii init-system-helpers 1.47 ii libc6 2.24-9 ii libsystemd0 232-12 ii libtirpc1 0.2.5-1.1 ii libwrap0 7.6.q-26 ii lsb-base 9.20161125 rpcbind recommends no packages. rpcbind suggests no packages. -- no debconf information
