Date: Tue, 24 Feb 2004 23:43:37 -0500
From: Richard Coleman <richardcoleman@mindspring.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Christian Brueffer <brueffer@FreeBSD.org>
Subject: Re: cvs commit: doc/en_US.ISO8859-1/books/porters-handbook book.sgml
Message-ID: <403C27F9.4030203@mindspring.com>
In-Reply-To: <20040223214202.GA29948@xor.obsecurity.org>
References: <200402232107.i1NL72Aq095075@repoman.freebsd.org> <20040223214202.GA29948@xor.obsecurity.org>
Kris Kennaway wrote:
> On Mon, Feb 23, 2004 at 01:07:02PM -0800, Christian Brueffer wrote:
>
>>brueffer 2004/02/23 13:07:02 PST
>>
>> FreeBSD doc repository
>>
>> Modified files:
>> en_US.ISO8859-1/books/porters-handbook book.sgml
>> Log:
>> o Don't claim that all UIDs listed are below 999
>> o Add squid's UID (3128)
>
>
> The upper bound of 999 is so that system administrators can assign
> higher uids to their users without running into collisions with ports.
> IMO squid must be fixed to stay within the ports namespace - yes, it's
> too bad it can't have its magic number of 3128 as a uid, but this will
> cause problems for installed systems.
>
> Kris

More importantly, it has (possible) security implications. For instance,
the default settings for "suexec" with Apache are such that it will not
execute any CGI script as a uid below 1000, since it is assumed those are
reserved for "system" processes.

Most shops that need suexec can easily fix such things. But you get the
idea.

Richard Coleman
richardcoleman@mindspring.com