Date: 02 Nov 1997 17:51:28 +0100 From: Wolfram Schneider <wosch@cs.tu-berlin.de> To: Tom <tom@sdf.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Suggested addition to /etc/security Message-ID: <p1izpnn5je7.fsf@panke.panke.de> In-Reply-To: Tom's message of Sat, 1 Nov 1997 16:43:58 -0800 (PST) References: <Pine.BSF.3.95q.971101164134.15022I-100000@misery.sdf.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Tom <tom@sdf.com> writes: > > > echo "checking for invalid user or group ids:" > > > find / -nouser -nogroup > How does this check improve security? > Also, shouldn't the security script be run under idprio? No. find is disk I/O bound. idprio set only the CPU scheduling priority. Root-Cron jobs should never started with idprio because a non-root user process can block the jobs. This is a security risk ;-) -- Wolfram Schneider <wosch@apfel.de> http://www.apfel.de/~wosch/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p1izpnn5je7.fsf>