Date: Tue, 10 Dec 2002 13:12:01 -0800 (PST) From: Mike Hoskins <mike@adept.org> To: freebsd-security@FreeBSD.ORG Subject: Re: Privsep Message-ID: <20021210130046.H80252-100000@fubar.adept.org> In-Reply-To: <20021210193659.GI458@techometer.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 10 Dec 2002, Erick Mechler wrote: > Privsep is just an sshd thing right now. <snip> > As for running Apache as the www user, set > User www > Group www <snip> This is really the long-standing security premise of 'least privilege'. <soapbox> The funny thing is, historically, when people first started saying 'Gee, we shouldn't run everything as root...' everybody started running things as 'nobody'. (Hey, it's got low privilges!) Of course that essentially made a nobody (operator, daemon, bin, etc.) compromise as valuable as a root compromise. </soapbox> Now I think we all agree running daemons as unique users is a good and relatively "common sense" practice... Just make sure you don't start clumping too many services into any one user. Also, take care to ensure that the users running your pocesses (should someone gain that privilege level) cannot read sensitive data owned by other users running critical services, etc. Mass acceptance of chroot() is making this much simpler, but can obviously have it's own problems as well. -- Mike Hoskins This message is RFC 1855 compliant, mike@adept.org www.adept.org/~mike/pub/rfcs/rfc1855.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021210130046.H80252-100000>