From owner-freebsd-security Wed Jan 13 11:05:12 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA02022 for freebsd-security-outgoing; Wed, 13 Jan 1999 11:05:12 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from brooklyn.slack.net (brooklyn.slack.net [206.41.21.102]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA01916 for ; Wed, 13 Jan 1999 11:04:52 -0800 (PST) (envelope-from andrewr@brooklyn.slack.net) Received: from localhost (andrewr@localhost) by brooklyn.slack.net (8.8.7/8.8.7) with SMTP id IAA09729; Wed, 13 Jan 1999 08:54:06 -0500 (EST) Date: Wed, 13 Jan 1999 08:54:06 -0500 (EST) From: andrewr To: Jeroen Ruigrok/Asmodai cc: FreeBSD Security Subject: Re: GIDs for new default system `users' In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 13 Jan 1999, Jeroen Ruigrok/Asmodai wrote: > Hi guys, > > I have a question/remark I am very well concerned with... > > Is there something specific about nogroup btw, that it has this explicit > name? If not, if it's bascially the same as nobody, then I am all in favor > of moving those tty-sandbox and kmem-sandbox to their own group id's for > the sake of security... IMHO, just like qmail, any important service that is running on a machine, should have their own gid. I agree with you on this completely.. however it does seem kind of crazy to just go out and be throwing gid's around to everyone and every thing. -Andrew > > Comments? > > --- > Jeroen Ruigrok van der Werven A veil of smoke is what I am, > asmodai(at)wxs.nl I wait and I wait... > Network/Security Specialist > BSD & picoBSD: The Power to Serve > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message