From owner-svn-src-all@freebsd.org Thu Mar 26 18:50:34 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B52D02A6D09; Thu, 26 Mar 2020 18:50:34 +0000 (UTC) (envelope-from brooks@spindle.one-eyed-alien.net) Received: from spindle.one-eyed-alien.net (spindle.one-eyed-alien.net [199.48.129.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48pDZN1N6nz4Qmg; Thu, 26 Mar 2020 18:50:18 +0000 (UTC) (envelope-from brooks@spindle.one-eyed-alien.net) Received: by spindle.one-eyed-alien.net (Postfix, from userid 3001) id 812D93C0199; Thu, 26 Mar 2020 18:50:08 +0000 (UTC) Date: Thu, 26 Mar 2020 18:50:08 +0000 From: Brooks Davis To: rgrimes@freebsd.org Cc: Brooks Davis , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: Re: svn commit: r359341 - stable/11/etc Message-ID: <20200326185008.GA99303@spindle.one-eyed-alien.net> References: <202003261759.02QHxnOl027458@repo.freebsd.org> <202003261828.02QISpKN038704@gndrsh.dnsmgr.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline In-Reply-To: <202003261828.02QISpKN038704@gndrsh.dnsmgr.net> User-Agent: Mutt/1.9.4 (2018-02-28) X-Rspamd-Queue-Id: 48pDZN1N6nz4Qmg X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of brooks@spindle.one-eyed-alien.net has no SPF policy when checking 199.48.129.229) smtp.mailfrom=brooks@spindle.one-eyed-alien.net X-Spamd-Result: default: False [-6.53 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; DMARC_NA(0.00)[freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_FIVE(0.00)[6]; IP_SCORE(-3.63)[ip: (-9.52), ipnet: 199.48.128.0/22(-4.75), asn: 36236(-3.82), country: US(-0.05)]; R_SPF_NA(0.00)[]; SIGNED_PGP(-2.00)[]; FORGED_SENDER(0.30)[brooks@freebsd.org,brooks@spindle.one-eyed-alien.net]; RCVD_COUNT_ZERO(0.00)[0]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:36236, ipnet:199.48.128.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[brooks@freebsd.org,brooks@spindle.one-eyed-alien.net] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Mar 2020 18:50:35 -0000 --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 26, 2020 at 11:28:51AM -0700, Rodney W. Grimes wrote: > > Author: brooks > > Date: Thu Mar 26 17:59:48 2020 > > New Revision: 359341 > > URL: https://svnweb.freebsd.org/changeset/base/359341 > >=20 > > Log: > > MFC r359247: > > =20 > > Add the tests user, an unprivileged user from the default kyua config. > > =20 > > This is a preparatory commit for D24103. > > =20 > > Reviewed by: emaste > > Obtained from: CheriBSD > > Sponsored by: DARPA > >=20 > > Modified: > > stable/11/etc/master.passwd > > Directory Properties: > > stable/11/ (props changed) > >=20 > > Modified: stable/11/etc/master.passwd > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D > > --- stable/11/etc/master.passwd Thu Mar 26 17:58:52 2020 (r359340) > > +++ stable/11/etc/master.passwd Thu Mar 26 17:59:48 2020 (r359341) > > @@ -24,4 +24,5 @@ auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/ > > www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin > > _ypldap:*:160:160::0:0:YP LDAP unprivileged user:/var/empty:/usr/sbin/= nologin > > hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin > > +tests:*:977:65534::0:0:Unprivileged user for tests:/nonexistent:/usr/s= bin/nologin >=20 > This should be group 977. > No one should be a member of group 65534 other than nobody. I'm happy to make this change, but we should be aware this will be moderately disruptive as the current line matches the entry in ports/UIDs so the new entry will conflict with existing passwd files where devel/kyua is installed. -- Brooks --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJefPlfAAoJEKzQXbSebgfAetsH/A/nz9s4HIjI8G+S9dN5OSYb BWTokP6JiLh4+eEFY0a2AQ8iLX8qAeQM4UnkjBu4iFfFruDrobt/u0eKd5NIS8ut CEOKFp4Ev0J9Vck3hcDddsnUj4zPPVinJL2/0PDympV3x3TqC3HQG0nLohHfRS9R sNp887H/gmUI7jz5NSk+b1YHavIif/KNCKp6tca29TGRzNZ+/7OHP/MUjjs0Xi8L H5h9+1sNbm0fz45DeZdL8TFo7u36ZW6X5rzeOyMxT/AC3T01t5blH/YU7NB4ki32 qcCm8yuWi8Mhy5bgdA2Z1A7jfpAlTklGq+AgRQbhuZDu0hId9rHC4EAg55B04QQ= =Q5qQ -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s--