Date: Mon, 21 Jun 2004 17:03:06 +0200 (CEST)
From: Michael Reifenberger <mike@Reifenberger.com>
To: Max Laier <max@love2party.net>
Cc: freebsd-current@freebsd.org
Subject: Re: startup error for pflogd
Message-ID: <20040621170130.E9602@fw.reifenberger.com>
In-Reply-To: <200406211639.22243.max@love2party.net>
References: <20040620134437.P94503@fw.reifenberger.com> <20040621105114.G9108@fw.reifenberger.com> <200406211639.22243.max@love2party.net>

On Mon, 21 Jun 2004, Max Laier wrote:
...
> I'll try to explain the reasoning behind this. If there are a zillion
> processes all owned by nobody:nogroup and an attacker manages to obtain
> control over one of them, the rest might be easy/easier prey. The evildoer
> will have better chances to obtain critical resources and maybe root in the
> end.
>
> This might seem like OpenBSD/paranoia, but my opinion on it is: It's done so
> why not port it over? It also helps to keep the diff down (which means less
> work).
>

Wouldn't it make sense to add all _<service> users at once then?

Bye/2
---
Michael Reifenberger, Business Development Manager SAP-Basis, Plaut Consulting
Comp: Michael.Reifenberger@plaut.de | Priv: Michael@Reifenberger.com
http://www.plaut.de | http://www.Reifenberger.com