From owner-freebsd-ports@freebsd.org Thu Aug 11 05:16:49 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A0B2BB5976; Thu, 11 Aug 2016 05:16:49 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: from mail-pf0-x229.google.com (mail-pf0-x229.google.com [IPv6:2607:f8b0:400e:c00::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DF8601200; Thu, 11 Aug 2016 05:16:48 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: by mail-pf0-x229.google.com with SMTP id y134so23036313pfg.0; Wed, 10 Aug 2016 22:16:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=idZzVd3ovuN36y0bXipkN2D54EEvo6aF2v/8CXgPbM8=; b=kE8AM7l0zJDdnHX33MmaaRmGneRAd3oDaGAKwSqZrcZLdXkQ6H41W49Wmw8XC2woqp P332IlAehUU7URmlS5oe5hhMm5FMeUutooaejAE9iH27JfIxxwW1FN2pOcRGdO8DHRnD wbKRf/3VPy7dl0XxU5AHmJp0dakS7o1b0tyaBBvvJel7fGYkdHclRlndJIEtjDtsczS9 swC1aqrELjd5VN1GQiLgm+q0hmSmDHbUct7oAOQWqW2+WTLSTFerr7IwZrhYTclSJqwo bs/lSxK6V72/tBrWwgCKLoYU6kWzf2mC9Z0D0iHOPXLx+ANLAHHdchDUYa4tuF30MuZu yp8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=idZzVd3ovuN36y0bXipkN2D54EEvo6aF2v/8CXgPbM8=; b=nHNuWL/bYZqIVbMBsxSArGdPgJzmCKUKY7cUvzS7xBO8bYTblHNsjqdTubd/Mvo823 +vQAkW8zqF6INilDcEwqe7BEN7hacxqjdjFIDgNc+Hj4ZeSC3Jlf5J9rdPdhnOj7Fwnz z8Ec/jAJMTdsuHYUPU+V1BukX+0yc4XVwgYuyVyZK0WurXgMqTr4pL/YtQDvNFbwG3/1 by8vcfFRnhDeuVLYJTeGwe7CNSlMRNvva1+V/GWqvpUOKMkQpbmImcMl7P+1Ye50YfUK 2DQTWcQSoRaco+p4L8Si8ZLJpaWdDieqvU+ciA2IF+2ilfXI+nW28PQyyKNaHbya7znn m9Zg== X-Gm-Message-State: AEkoous0WaTlR3kRIkrQMwbh/IUfVpszl/WA764Skme/A8Tot85hxgAfr+jbARLZDDteQQ== X-Received: by 10.98.130.137 with SMTP id w131mr13723259pfd.5.1470892608334; Wed, 10 Aug 2016 22:16:48 -0700 (PDT) Received: from [21.178.125.54] ([172.56.42.110]) by smtp.gmail.com with ESMTPSA id t80sm1263123pfj.38.2016.08.10.22.16.47 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 10 Aug 2016 22:16:47 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: Passwordless accounts vi ports! From: Ngie Cooper X-Mailer: iPhone Mail (13G35) In-Reply-To: <20160811070505.2c1a1466@freyja.zeit4.iv.bundesimmobilien.de> Date: Wed, 10 Aug 2016 22:16:46 -0700 Cc: freebsd-current , freebsd-ports Content-Transfer-Encoding: quoted-printable Message-Id: References: <20160811070505.2c1a1466@freyja.zeit4.iv.bundesimmobilien.de> To: "O. Hartmann" X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Aug 2016 05:16:49 -0000 > On Aug 10, 2016, at 22:05, O. Hartmann wrote= : >=20 > I just checked the security scanning outputs of FreeBSD and found this > surprising result: >=20 > [...] > Checking for passwordless accounts: > polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin > pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin > saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh > clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin > bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin > [...] >=20 > Obviously, some ports install accounts but do not secure them as there is a= n > empty password. >=20 > I consider this not a feature, but a bug. saned is the only one that might concern me because the login shell isn't no= login(1). Cheers, -Ngie=