From owner-freebsd-security Wed Dec 6 8: 8:29 2000 From owner-freebsd-security@FreeBSD.ORG Wed Dec 6 08:08:27 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.ca (epsilon.lucida.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 7D98F37B400 for ; Wed, 6 Dec 2000 08:08:26 -0800 (PST) Received: (qmail 76315 invoked by uid 1000); 6 Dec 2000 16:08:25 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 6 Dec 2000 16:08:25 -0000 Date: Wed, 6 Dec 2000 11:08:24 -0500 (EST) From: Matt Heckaman X-Sender: matt@epsilon.lucida.ca To: mouss Cc: FreeBSD-SECURITY Subject: Re: nmbclusters (was: the lame advisory) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 6 Dec 2000, Matt Heckaman wrote: ... : For some things yes, but not for most. The daemons that must run as root? : It would be somewhat detrimental to put a restrictive fd limit on root. I : can picture finding a problem, switching to root, and not being able to : type a command because it's out of procs. :) As I hit send, I realize just how stupid this is. I could simply create another uid 0 account with a different login class. duh! Maybe I should not have erased toor from all my machines after all. :) * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE6LmR5dMMtMcA1U5ARAo5OAKCZIKQGwb213MFR5//AxYK/biC19gCgg+ZD HwqRwu5CpLU/X2Yai7aw3jg= =TfAY -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message