From owner-svn-src-stable@freebsd.org Fri Mar 27 00:45:39 2020 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1C99326613C; Fri, 27 Mar 2020 00:45:39 +0000 (UTC) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48pNSK39NJz3DPD; Fri, 27 Mar 2020 00:45:36 +0000 (UTC) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1]) by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 02R0jR52039830; Thu, 26 Mar 2020 17:45:27 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 02R0jR2G039829; Thu, 26 Mar 2020 17:45:27 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <202003270045.02R0jR2G039829@gndrsh.dnsmgr.net> Subject: Re: svn commit: r359341 - stable/11/etc In-Reply-To: <20200326185008.GA99303@spindle.one-eyed-alien.net> To: Brooks Davis Date: Thu, 26 Mar 2020 17:45:27 -0700 (PDT) CC: rgrimes@freebsd.org, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Reply-To: rgrimes@freebsd.org X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Rspamd-Queue-Id: 48pNSK39NJz3DPD X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-5.99 / 15.00]; NEURAL_HAM_MEDIUM(-0.99)[-0.993,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; REPLY(-4.00)[] X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Mar 2020 00:45:39 -0000 > On Thu, Mar 26, 2020 at 11:28:51AM -0700, Rodney W. Grimes wrote: > > > Author: brooks > > > Date: Thu Mar 26 17:59:48 2020 > > > New Revision: 359341 > > > URL: https://svnweb.freebsd.org/changeset/base/359341 > > > > > > Log: > > > MFC r359247: > > > > > > Add the tests user, an unprivileged user from the default kyua config. > > > > > > This is a preparatory commit for D24103. > > > > > > Reviewed by: emaste > > > Obtained from: CheriBSD > > > Sponsored by: DARPA > > > > > > Modified: > > > stable/11/etc/master.passwd > > > Directory Properties: > > > stable/11/ (props changed) > > > > > > Modified: stable/11/etc/master.passwd > > > ============================================================================== > > > --- stable/11/etc/master.passwd Thu Mar 26 17:58:52 2020 (r359340) > > > +++ stable/11/etc/master.passwd Thu Mar 26 17:59:48 2020 (r359341) > > > @@ -24,4 +24,5 @@ auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/ > > > www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin > > > _ypldap:*:160:160::0:0:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin > > > hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin > > > +tests:*:977:65534::0:0:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin > > > > This should be group 977. > > No one should be a member of group 65534 other than nobody. > > I'm happy to make this change, but we should be aware this will be > moderately disruptive as the current line matches the entry in ports/UIDs > so the new entry will conflict with existing passwd files where > devel/kyua is installed. It should be corrected all places, the group 65534 is very specific to NFS and no user should ever be given that groupid. The fact this was done in some port makes it no less of a mistake. > -- Brooks -- Rod Grimes rgrimes@freebsd.org