Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 Jun 2004 16:39:10 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-current@freebsd.org
Cc:        Michael Reifenberger <mike@Reifenberger.com>
Subject:   Re: startup error for pflogd
Message-ID:  <200406211639.22243.max@love2party.net>
In-Reply-To: <20040621105114.G9108@fw.reifenberger.com>
References:  <20040620134437.P94503@fw.reifenberger.com> <20040620230350.O1720@fw.reifenberger.com> <20040621105114.G9108@fw.reifenberger.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
On Monday 21 June 2004 10:57, Michael Reifenberger wrote:
> Hi,
> as it seems is pflogd requiring an user "_pflogd" to work which is not
> installed by default under FreeBSD.

Oh, I knew I forgot something :-\

> As it seems is OpenBSD aggressivly using "_<service>" users.
> Is this something we should follow?

I'll try to explain the reasoning behind this. If there are a zillion 
processes all owned by nobody:nogroup and an attacker manages to obtain 
control over one of them, the rest might be easy/easier prey. The evildoer 
will have better chances to obtain critical resources and maybe root in the 
end.

This might seem like OpenBSD/paranoia, but my opinion on it is: It's done so 
why not port it over? It also helps to keep the diff down (which means less 
work).

If there is no resistance against "yet another user", I will add _pflogd.

On a related note: OpenBSD also introduced an ioctl to lock a bpf-descriptor, 
thus making it less valueable for a possible attacker. This is a sane thing 
for longrunning processes such as IDS or pflog and I am wondering if we 
should port it. It's a simple enough thing and I will post diffs on -net 
later.

-- 
Best regards,				| mlaier@freebsd.org
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier@EFnet

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQBA1vMaXyyEoT62BG0RAhwQAJ9tpTMiIg/lbBjyDZAuQlP6zIJEKwCfdBDD
662bq9gi9yz511ZKnbEhOg8=
=RRiU
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200406211639.22243.max>