From owner-freebsd-hackers Sun Nov 2 09:04:28 1997
Return-Path:
Received: (from root@localhost)
	by hub.freebsd.org (8.8.7/8.8.7) id JAA00873
	for hackers-outgoing; Sun, 2 Nov 1997 09:04:28 -0800 (PST)
	(envelope-from owner-freebsd-hackers)
Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13])
	by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA00865
	for ; Sun, 2 Nov 1997 09:04:24 -0800 (PST)
	(envelope-from wosch@cs.tu-berlin.de)
Received: from panke.panke.de (anonymous213.ppp.cs.tu-berlin.de [130.149.17.213])
	by mail.cs.tu-berlin.de (8.8.6/8.8.7) with ESMTP id RAA07947;
	Sun, 2 Nov 1997 17:55:43 +0100 (MET)
Received: (from wosch@localhost)
	by panke.panke.de (8.8.5/8.6.12) id RAA00256;
	Sun, 2 Nov 1997 17:51:30 +0100 (MET)
To: Tom
Cc: freebsd-hackers@freebsd.org
Subject: Re: Suggested addition to /etc/security
References:
From: Wolfram Schneider
Date: 02 Nov 1997 17:51:28 +0100
In-Reply-To: Tom's message of Sat, 1 Nov 1997 16:43:58 -0800 (PST)
Message-ID:
Lines: 13
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Tom writes:

> > > echo "checking for invalid user or group ids:"
> > > find / -nouser -nogroup

> How does this check improve security?

> Also, shouldn't the security script be run under idprio?

No. find is disk I/O bound. idprio sets only the CPU scheduling
priority. Root-Cron jobs should never be started with idprio
because a non-root user process can block the jobs. This is
a security risk ;-)

--
Wolfram Schneider http://www.apfel.de/~wosch/