Date:      Mon, 10 Feb 2003 09:59:34 -0800 (PST)
From:      Doug Barton <DougB@FreeBSD.org>
To:        Kim Scarborough <sluggo@unknown.nu>
Cc:        ports@FreeBSD.org
Subject:   Re: Problems with new port
Message-ID:  <20030210095104.U7114@12-234-22-23.pyvrag.nggov.pbz>
In-Reply-To: <3E47CC71.3090709@unknown.nu>
References:  <3E46E0E3.7030708@unknown.nu> <20030210014400.GM6740@vectors.cx> <3E472244.4040004@unknown.nu> <20030209213008.O866@12-234-22-23.pyvrag.nggov.pbz> <3E47CC71.3090709@unknown.nu>

On Mon, 10 Feb 2003, Kim Scarborough wrote:

> > What security problems are you trying to solve by creating a new user, and
> > why do you think user nobody isn't a good solution for them?
>
> If every miscellaneous server runs under ID "nobody", then if there's a hole
> in any one of them, all the rest are vulnerable.

Which means nothing, since the original design for user nobody is that it
not own any files. It should only have access to files that are world
readable. That's why the locate database creation happens as user nobody.
(IMNSHO it should be chown'ed after it's created, but that's another
topic.)

> Segregating each server to its own UID limits potential damage.

Having individual uids mitigates damage for foolish sysadmins.

> Also, having nobody-owned files is anathema to most sysadmins

As well it should be.

> (yes, I know nobody owns the locate db, but I also hear complaints about
> that quite often), and this port creates some files under the daemon
> UID.
>
> I thought this was all conventional wisdom... isn't this why apache, bind,
> sendmail, and sshd all have their own unique unprivileged users?

The sshd user is a mistake, IMO. Apache (for the most part), bind and
sendmail have unprivileged users because they create files while running
as that uid. Does your port create files while running, or does the
install script install files as that user by default? If the latter, you
can simply install the files owned by root and world readable, then run
the daemon as user nobody and achieve the same effect.

Hope this helps,

Doug

-- 

    "The last time France wanted more evidence, it rolled right
        through Paris with a German flag." - David Letterman
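A check for the invariant Doug describes (the nobody account should own no files and should only need world-readable ones), as an added Python example that is not from this thread or the FreeBSD ports tree; the install tree it walks is constructed sample data, and `daemon_uid` is assumed to be whatever uid the daemon is configured to run as:

```python
import os
import stat
import tempfile
from dataclasses import dataclass, field

CURRENT_UID = os.getuid()


@dataclass
class AuditResult:
    # Files owned by the daemon uid. Under the "nobody owns nothing" rule this
    # list should be empty; anything here suggests the port needs its own user.
    owned: list = field(default_factory=list)
    # Files a daemon running as that uid cannot read (no world-read bit), so a
    # root-owned, nobody-run install would fail on them at runtime.
    unreadable: list = field(default_factory=list)


def audit_daemon_files(root: str, daemon_uid: int) -> AuditResult:
    """Walk an install tree and report ownership/permission problems."""
    result = AuditResult()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # judge link targets on their own
            if st.st_uid == daemon_uid:
                result.owned.append(path)
            if not st.st_mode & stat.S_IROTH:
                result.unreadable.append(path)
    result.owned.sort()
    result.unreadable.sort()
    return result


def build_sample_tree():
    """Constructed sample install tree (not a real port): one public config
    file and one private key file, both owned by the current user."""
    root = tempfile.mkdtemp(prefix="portaudit_")
    os.makedirs(os.path.join(root, "etc"))
    conf = os.path.join(root, "etc", "daemon.conf")
    key = os.path.join(root, "etc", "daemon.key")
    for path, mode in ((conf, 0o644), (key, 0o600)):
        with open(path, "w") as fh:
            fh.write("# sample\n")
        os.chmod(path, mode)
    return root, conf, key
```

Run it against a staged install with the uid the daemon will use: an empty `owned` list and an empty `unreadable` list means the files can stay root-owned and the daemon can run as nobody, exactly as the reply suggests.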
