Subject: Re: Unprivileged default user for "tiny" daemons?
From: Tatsuki Makino
To: ports@freebsd.org
Cc: Yuri, Brooks Davis, Felix Palmen
Date: Wed, 10 May 2023 06:12:38 +0900
List-Id: Porting software to FreeBSD

locate.database is created by /etc/periodic/weekly/310.locate, isn't it?
Its behavior is run by nobody.

The other thing that is often forgotten is that the group behaves as if a
setgid bit has been set up in the directory.

Is the idea that one daemon-specific user is sufficient, as long as
setegid, seteuid, umask, fileowner, filepermission, and these settings are
appropriate, out of date? :)

Yuri wrote on 2023/05/09 17:19:
> Brooks Davis wrote:
>> On Tue, May 09, 2023 at 10:05:15AM +0200, Felix Palmen wrote:
>>> * Felix Palmen [20230508 18:39]:
>>>> I tend to think now that 'daemon' should really be the way to go when
>>>> you don't need a dedicated account. Am I overlooking something? Any
>>>> other comments?
>>>
>>> Seems I overlooked something indeed:
>>>
>>> #v+
>>> $ find [14-jail] \( -user daemon -or -group daemon \)
>>> [14-jail]/usr/sbin/lpc
>>> [14-jail]/usr/bin/lprm
>>> [14-jail]/usr/bin/lpr
>>> [14-jail]/usr/bin/lpq
>>> [14-jail]/var/rwho
>>> [14-jail]/var/spool/mqueue
>>> [14-jail]/var/spool/lpd
>>> [14-jail]/var/spool/output
>>> [14-jail]/var/spool/output/lpd
>>> [14-jail]/var/spool/opielocks
>>> [14-jail]/var/at/jobs
>>> [14-jail]/var/at/spool
>>> [14-jail]/var/msgs
>>> #v-
>>>
>>> So, daemon owns e.g. the print spool...
>>>
>>> Interestingly, you even find something owned by nobody in base:
>>>
>>> #v+
>>> -rw-r--r-- 1 nobody wheel 0 Jul 8 2021 /var/db/locate.database
>>> #v-
>>
>> This seems like a bug.
>
> Indeed, it's even in BUGS section in locate(1) :)
>
> The locate database is typically built by user “nobody” and the
> locate.updatedb(8) utility skips directories which are not readable for
> user “nobody”, group “nobody”, or world. For example, if your HOME
> directory is not world-readable, none of your files are in the
> database.
>
>>> So, takeaway is: There is no safe choice other than allocating a
>>> dedicated UID for every single daemon, even if it doesn't need to
>>> own/access any files? Is this really correct?
>>
>> This is clearly the right choice even it's a bit of a pain.
>