Date: Mon, 21 Jun 2004 11:17:29 -0500 From: Will Andrews <will@csociety.org> To: Max Laier <max@love2party.net> Cc: freebsd-current@freebsd.org Subject: Re: startup error for pflogd Message-ID: <20040621161729.GL7956@sirius.firepipe.net> In-Reply-To: <200406211639.22243.max@love2party.net> References: <20040620134437.P94503@fw.reifenberger.com> <20040620230350.O1720@fw.reifenberger.com> <20040621105114.G9108@fw.reifenberger.com> <200406211639.22243.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Mon, Jun 21, 2004 at 04:39:10PM +0200, Max Laier wrote: > I'll try to explain the reasoning behind this. If there are a zillion > processes all owned by nobody:nogroup and an attacker manages to obtain > control over one of them, the rest might be easy/easier prey. The evildoer > will have better chances to obtain critical resources and maybe root in the > end. I think this is a good approach. In fact, that's what I do on my public mirror servers, i.e. allocate dedicated users for specific tasks to eliminate privilege escalation through them. Regards, -- wca [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFA1woZF47idPgWcsURAlHZAJ43a1IHDyFguIE1LTcGAHYcEZqIZwCdGkXu 5+aLcb60yudQXWvyvFBcYYo= =52T1 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040621161729.GL7956>