From: Doug Barton
To: Kim Scarborough
Cc: ports@FreeBSD.org
Date: Mon, 10 Feb 2003 09:59:34 -0800 (PST)
Subject: Re: Problems with new port
In-Reply-To: <3E47CC71.3090709@unknown.nu>
Message-ID: <20030210095104.U7114@12-234-22-23.pyvrag.nggov.pbz>
References: <3E46E0E3.7030708@unknown.nu> <20030210014400.GM6740@vectors.cx> <3E472244.4040004@unknown.nu> <20030209213008.O866@12-234-22-23.pyvrag.nggov.pbz> <3E47CC71.3090709@unknown.nu>
Organization: http://www.FreeBSD.org/

On Mon, 10 Feb 2003, Kim Scarborough wrote:

> > What security problems are you trying to solve by creating a new user, and
> > why do you think user nobody isn't a good solution for them?
>
> If every miscellaneous server runs under ID "nobody", then if there's a hole
> in any one of them, all the rest are vulnerable.

Which means nothing, since the original design for user nobody is that it not own any files. It should only have access to files that are world readable. That's why the locate database creation happens as user nobody. (IMNSHO it should be chown'ed after it's created, but that's another topic.)

> Segregating each server to its own UID limits potential damage.

Having individual uids mitigates damage for foolish sysadmins.

> Also, having nobody-owned files is anathema to most sysadmins

As well it should be.

> (yes, I know nobody owns the locate db, but I also hear complaints about
> that quite often), and this port creates some files under the daemon
> UID.
>
> I thought this was all conventional wisdom... isn't this why apache, bind,
> sendmail, and sshd all have their own unique unprivileged users?

The sshd user is a mistake, IMO. Apache (for the most part), bind and sendmail have unprivileged users because they create files while running as that uid. Does your port create files while running, or does the install script install files as that user by default? If the latter, you can simply install the files owned by root and world readable, then run the daemon as user nobody and achieve the same effect.

Hope this helps,

Doug

-- 
"The last time France wanted more evidence, it rolled right through Paris with a German flag." - David Letterman
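As an added example, not part of Doug's reply or of the port being discussed, the following shell helper checks an installed file tree against the layout he recommends: every file owned by a privileged owner (normally root), world-readable, and writable by nobody else, so that a daemon running as user "nobody" can read its files but a compromise of that daemon cannot alter them. It also reports any files a given uid owns, which is the check behind his point that "nobody" should not own files. The function names, the output format and the sample tree built in the usage section are our own; the script relies only on find(1) primaries that both BSD and GNU find accept.

```shell
#!/bin/sh
# Added audit helper (not from the mailing-list thread). Assumptions: portable
# find(1) primaries only (-user, -type, -perm with symbolic modes), and an
# external printf(1), so it runs unchanged under BSD and GNU find.

# audit_install_tree DIR OWNER
# Prints one "REASON PATH" line per deviation from the root-owned,
# world-readable, not-otherwise-writable layout. Prints nothing if the tree
# is clean.
audit_install_tree() {
    dir=$1
    owner=$2
    {
        # A daemon uid that owns its own files can replace them after a
        # compromise; that is the real hazard the dedicated-user argument
        # is about, so the expected owner must be a privileged account.
        find "$dir" -type f ! -user "$owner" -exec printf 'wrong-owner %s\n' {} \;
        # Files the unprivileged daemon cannot read are a functional bug
        # once the service runs as nobody.
        find "$dir" -type f ! -perm -o+r -exec printf 'not-world-readable %s\n' {} \;
        # World-writable files hand the same modification ability to every
        # uid on the box, nobody included.
        find "$dir" -type f -perm -o+w -exec printf 'world-writable %s\n' {} \;
        # Setuid/setgid bits have no place in a tree meant to be run as
        # nobody; flag them for a manual look.
        find "$dir" -type f \( -perm -u+s -o -perm -g+s \) \
            -exec printf 'setuid-or-setgid %s\n' {} \;
    } | sort
}

# audit_install_tree_ok DIR OWNER
# Exit status 0 when audit_install_tree reports nothing, 1 otherwise.
audit_install_tree_ok() {
    [ -z "$(audit_install_tree "$1" "$2")" ]
}

# files_owned_by DIR USER
# Lists files under DIR owned by USER, staying on one filesystem. Running it
# as "files_owned_by / nobody" is the check for Doug's "nobody owns no files"
# design rule.
files_owned_by() {
    find "$1" -xdev -user "$2" -type f 2>/dev/null
}

# Usage on a constructed sample tree (stands in for an installed port):
# an example that runs without root by using the current user as OWNER.
if [ "${AUDIT_DEMO:-0}" = 1 ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/etc" "$demo/libexec"
    printf 'port = 1234\n' > "$demo/etc/good.conf";  chmod 644 "$demo/etc/good.conf"
    printf 'token = x\n'   > "$demo/etc/priv.conf";  chmod 600 "$demo/etc/priv.conf"
    printf '#!/bin/sh\n'   > "$demo/libexec/helper"; chmod 666 "$demo/libexec/helper"
    audit_install_tree "$demo" "$(id -un)"
    rm -rf "$demo"
fi
```

Run with `AUDIT_DEMO=1 sh audit.sh` to see the two findings on the sample tree (the 0600 configuration file and the world-writable helper). In a real port check, pass the staging or installation prefix and `root` as OWNER; the remaining step from the thread, starting the daemon itself as user nobody, is an rc-script matter and is not covered by this audit.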