From owner-freebsd-security Wed Oct 13 15:56:32 1999 Delivered-To: freebsd-security@freebsd.org Received: from primary.rci.net (mail.rci.net [209.251.132.252]) by hub.freebsd.org (Postfix) with ESMTP id 00F7414F5E for ; Wed, 13 Oct 1999 15:56:11 -0700 (PDT) (envelope-from jar@mail.integratus.com) Received: from integratus.com (162.p1.dialup.gru.net [198.190.223.162]) by primary.rci.net (8.9.3/8.9.3) with ESMTP id SAA78345; Wed, 13 Oct 1999 18:55:33 -0400 (EDT) (envelope-from jar@mail.integratus.com) Message-ID: <38050DF7.768902E7@integratus.com> Date: Wed, 13 Oct 1999 18:55:51 -0400 From: Jack Rusher Organization: Integratus, Inc. X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: James Wyatt , Greg Lewis , freebsd-security@FreeBSD.ORG Subject: Re: FreeSSH References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Robert Watson wrote: > > "local users SHOULD be given a unique uid >= 1000 -- values less than 1000 > are reserved for built-in accounts, and for add-on packages" or the like. > For the purposes of NFS, it seems desirable that when a package is > installed, it use the same uid consistently? > > I'm not sure the correct course of action is clear in my mind, but > whatever it is, it is certainly security-relevant. It seems to me that an /etc/services style mapping of services to UIDs would be an excellent idea. This sort of standardization would make the world work a little more smoothly. -- Jack Rusher, Chief Engineer | mailto:jar@integratus.com Integratus, Inc. | http://www.integratus.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message