Date:      Mon, 21 Jun 2004 13:02:27 -0400
From:      Charles Swiger <cswiger@mac.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: startup error for pflogd
Message-ID:  <C6033B70-C3A4-11D8-BF1C-003065ABFD92@mac.com>
In-Reply-To: <200406211639.22243.max@love2party.net>
References:  <20040620134437.P94503@fw.reifenberger.com> <20040620230350.O1720@fw.reifenberger.com> <20040621105114.G9108@fw.reifenberger.com> <200406211639.22243.max@love2party.net>

On Jun 21, 2004, at 10:39 AM, Max Laier wrote:
> On Monday 21 June 2004 10:57, Michael Reifenberger wrote:
>> As it seems, OpenBSD is aggressively using "_<service>" users.
>> Is this something we should follow?
>
> I'll try to explain the reasoning behind this. If there are a zillion
> processes all owned by nobody:nogroup and an attacker manages to obtain
> control over one of them, the rest might be easy/easier prey. The evildoer
> will have better chances to obtain critical resources and maybe root in the
> end.

Certainly it's a good idea to run different services under separate 
users where possible, for exactly the reasons you describe: it helps 
reduce the window of vulnerability if one service is compromised.

However, please note that no processes should be running as nobody, nor 
should any files be owned by nobody.  'nobody' exists so that NFS can 
map unknown and/or untrusted remote root users to a safe UID which is 
not used anywhere else in the system.  Using 'nobody' for other 
purposes can be risky.

-- 
-Chuck


