From: Lowell Gilbert
Date: 26 Nov 2003 12:35:06 -0500
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: perms of /dev/uhid0

Mike Tancsa writes:

> if (!(pwent = getpwnam("nobody")))
> {
>     fprintf(stderr, "There must be a user called nobody for this program to work!");
>     exit(1);
> }

It would be safer to create a different user specifically for this purpose.
Otherwise, something else running as nobody might have access to more privileges than it was intended for...
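
The following is an added example, not part of the original message or of the program quoted in it: a privilege drop to a dedicated account that refuses the shared `nobody` user and uid 0, then confirms root cannot be regained. The account name `uhidsvc` and the function names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE         /* exposes setgroups() on glibc */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Look up a dedicated service account. Returns 0 on success, -1 if the
 * account does not exist, -2 if it is "nobody", -3 if it maps to uid 0. */
int resolve_service_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw;
    if (strcmp(name, "nobody") == 0)
        return -2;              /* shared with unrelated daemons */
    pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    if (pw->pw_uid == 0)
        return -3;              /* nothing would be dropped */
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Permanently drop root: supplementary groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining uid 0 has to fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

int main(void)
{
    uid_t uid; gid_t gid;
    /* "uhidsvc" is a hypothetical dedicated account name. */
    if (resolve_service_user("uhidsvc", &uid, &gid) != 0 ||
        drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "refusing to continue without dropping to uhidsvc\n");
        return 1;
    }
    printf("running as uid %d\n", (int)uid);
    return 0;
}
```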