Date: Tue, 10 Dec 2002 13:12:01 -0800 (PST)
From: Mike Hoskins
To: freebsd-security@FreeBSD.ORG
Subject: Re: Privsep
In-Reply-To: <20021210193659.GI458@techometer.net>
Message-ID: <20021210130046.H80252-100000@fubar.adept.org>

On Tue, 10 Dec 2002, Erick Mechler wrote:
> Privsep is just an sshd thing right now.
> As for running Apache as the www user, set
> User www
> Group www

This is really the long-standing security premise of 'least privilege'. The funny thing is, historically, when people first started saying 'Gee, we shouldn't run everything as root...' everybody started running things as 'nobody'. (Hey, it's got low privileges!) Of course that essentially made a nobody (operator, daemon, bin, etc.) compromise as valuable as a root compromise.

Now I think we all agree running daemons as unique users is a good and relatively "common sense" practice... Just make sure you don't start clumping too many services into any one user.
Also, take care to ensure that the users running your processes (should someone gain that privilege level) cannot read sensitive data owned by other users running critical services, etc. Mass acceptance of chroot() is making this much simpler, but can obviously have its own problems as well.

--
Mike Hoskins, mike@adept.org
This message is RFC 1855 compliant, www.adept.org/~mike/pub/rfcs/rfc1855.html
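
Added example (not part of the original message): a minimal Python audit of the two checks described above, namely services clumped into one account and sensitive files readable by another service's account. The service names, accounts, paths and modes are constructed sample data; the check models only the classic owner/group/other mode bits, not ACLs, root, or directory permissions.

```python
"""Audit sketch: shared daemon accounts and cross-service readable files."""
import stat
from collections import defaultdict

# Constructed sample data (assumption, not from the original message).
# service -> (account, groups that account belongs to)
SERVICES = {
    "httpd": ("www", {"www"}),
    "named": ("bind", {"bind"}),
    "ftpd": ("nobody", {"nobody"}),
    "tftpd": ("nobody", {"nobody"}),
}
# (path, owner, group, mode) for files a service treats as sensitive
FILES = [
    ("/usr/local/etc/apache/ssl.key", "www", "www", 0o640),
    ("/etc/namedb/rndc.key", "bind", "bind", 0o644),
    ("/var/db/app/secret", "www", "bind", 0o640),
]

def shared_accounts(services):
    """Return {account: [services]} for accounts running more than one service."""
    by_user = defaultdict(list)
    for svc, (user, _groups) in services.items():
        by_user[user].append(svc)
    return {u: sorted(s) for u, s in by_user.items() if len(s) > 1}

def can_read(user, groups, owner, group, mode):
    """Unix mode check: the first matching class (owner, group, other) decides."""
    if user == owner:
        return bool(mode & stat.S_IRUSR)
    if group in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def cross_readable(services, files):
    """Return sorted (path, account) pairs where another service account can read."""
    accounts = {user: groups for user, groups in services.values()}
    hits = set()
    for path, owner, group, mode in files:
        for user, groups in accounts.items():
            if user != owner and can_read(user, groups, owner, group, mode):
                hits.add((path, user))
    return sorted(hits)

if __name__ == "__main__":
    for user, svcs in shared_accounts(SERVICES).items():
        print(f"shared account {user}: {', '.join(svcs)}")
    for path, user in cross_readable(SERVICES, FILES):
        print(f"{path} readable by {user}")
```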