From owner-freebsd-current@FreeBSD.ORG Mon Jun 21 15:03:25 2004
Date: Mon, 21 Jun 2004 17:03:06 +0200 (CEST)
From: Michael Reifenberger
To: Max Laier
cc: freebsd-current@freebsd.org
Subject: Re: startup error for pflogd
Message-ID: <20040621170130.E9602@fw.reifenberger.com>
In-Reply-To: <200406211639.22243.max@love2party.net>
References: <20040620134437.P94503@fw.reifenberger.com> <20040621105114.G9108@fw.reifenberger.com> <200406211639.22243.max@love2party.net>
List-Id: Discussions about the use of FreeBSD-current

On Mon, 21 Jun 2004, Max Laier wrote:
...
> I'll try to explain the reasoning behind this. If there are a zillion
> processes all owned by nobody:nogroup and an attacker manages to obtain
> control over one of them, the rest might be easy/easier prey. The evildoer
> will have better chances to obtain critical resources and maybe root in the
> end.
>
> This might seem like OpenBSD/paranoia, but my opinion on it is: It's done so
> why not port it over? It also helps to keep the diff down (which means less
> work).
>

Wouldn't it make sense to add all _ users at once then?

Bye/2
---
Michael Reifenberger, Business Development Manager SAP-Basis, Plaut Consulting
Comp: Michael.Reifenberger@plaut.de | Priv: Michael@Reifenberger.com
http://www.plaut.de | http://www.Reifenberger.com
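The quoted reasoning is about privilege separation: when many unrelated daemons share one unprivileged account such as nobody, a compromise of any one of them reaches the others, which is why pflogd gets its own _pflogd user. The check below is an added example, not code from the thread or from FreeBSD or OpenBSD; it reads `ps -axo user=,comm=` style output and reports every non-root account that owns more than one distinct daemon, so an administrator can see which services still share an account. The sample process table is constructed for illustration.

```sh
#!/bin/sh
# Added example (not part of the mailing-list thread): flag unprivileged
# accounts that own more than one distinct daemon, the situation the quoted
# text warns about. Input is one "user command" pair per line, the shape
# produced by `ps -axo user=,comm=`.

# Constructed sample in the shape of `ps -axo user=,comm=` output (not real data).
SAMPLE_PS='root        sshd
nobody      pflogd
nobody      httpd
nobody      named
_pflogd     pflogd
root        cron'

# Read "user command" lines on stdin; print "user count cmd1,cmd2,..." for
# every account other than root that owns two or more distinct commands.
# root is skipped because it is already fully privileged; the finding of
# interest is an unprivileged account that several services share.
shared_daemon_accounts() {
    awk '
        $1 == "root" { next }
        # First sighting of this user/command pair: record the command.
        !seen[$1 SUBSEP $2]++ {
            cmds[$1] = (cmds[$1] != "" ? cmds[$1] "," : "") $2
            n[$1]++
        }
        END { for (u in n) if (n[u] > 1) print u, n[u], cmds[u] }
    ' | sort
}

# Number of flagged accounts; convenient for a one-line periodic check.
shared_daemon_account_count() {
    shared_daemon_accounts | wc -l | tr -d ' '
}

# On a live system:   ps -axo user=,comm= | shared_daemon_accounts
# Stand-alone run against the constructed sample:
printf '%s\n' "$SAMPLE_PS" | shared_daemon_accounts
```

On the sample the only finding is `nobody 3 pflogd,httpd,named`; `_pflogd` owns a single daemon and is not reported, which is exactly the state a per-service account is meant to produce.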