From: Remko Lodder
Date: Mon, 21 Jun 2004 17:12:24 +0200
To: Max Laier
Cc: Michael Reifenberger, freebsd-current@freebsd.org
Subject: Re: startup error for pflogd
Message-ID: <40D6FAD8.2010704@elvandar.org>
List-Id: Discussions about the use of FreeBSD-current

Max and the rest,

Max Laier wrote:
> On Monday 21 June 2004 10:57, Michael Reifenberger wrote:
>
>>Hi,
>>it seems pflogd requires a user "_pflogd" to work, which is not
>>installed by default under FreeBSD.
>
> Oh, I knew I forgot something :-\

We are all just human ;)

>>It seems OpenBSD is aggressively using "_" users.
>>Is this something we should follow?
>
> I'll try to explain the reasoning behind this. If there are a zillion
> processes all owned by nobody:nogroup and an attacker manages to obtain
> control over one of them, the rest might be easy/easier prey. The evildoer
> will have better chances to obtain critical resources and maybe root in the
> end.
>
> This might seem like OpenBSD/paranoia, but my opinion on it is: It's done so
> why not port it over? It also helps to keep the diff down (which means less
> work).

I am a YES voter for this one; less risk with each daemonized process that turns its privileges over to a less privileged user (start up as root, switch to _pflogd in this case) is something I really prefer. It prevents potential damage to systems when someone does something very evil :)

> If there is no resistance against "yet another user", I will add _pflogd.

Again, you have my go :)

> On a related note: OpenBSD also introduced an ioctl to lock a bpf-descriptor,
> thus making it less valuable for a possible attacker. This is a sane thing
> for long-running processes such as IDS or pflog and I am wondering if we
> should port it. It's a simple enough thing and I will post diffs on -net
> later.

We (well, actually I think that _we_ can be concluded here ;)) want to secure FreeBSD as much as possible. While we don't totally freak out like OpenBSD does sometimes (sorry, don't mean to hit some feet now), we can adopt some changes from their system into ours, to make accessible devices (applications behind ports (named?) but also handlers that have traffic passing by (pflogd)) less risky to run ...

--
Kind regards,

Remko Lodder                   |remko@elvandar.org
Reporter DSINet                |remko@dsinet.org
Projectleader Mostly-Harmless  |remko@mostly-harmless.nl
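
The pattern discussed in this thread (start as root, switch to a dedicated account such as _pflogd, and fail at startup when that account is not installed), shown as an added example that is not part of the original message and is not pflogd's own code. The function name `drop_to_user` and the `drop_result` codes are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum drop_result { DROP_OK = 0, DROP_NO_USER, DROP_IS_ROOT, DROP_FAILED };

/* Switch the process to the dedicated account `user`, permanently. */
enum drop_result drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    uid_t uid;
    gid_t gid;

    if (pw == NULL)
        return DROP_NO_USER;   /* account not installed: do not keep running as root */
    if (pw->pw_uid == 0)
        return DROP_IS_ROOT;   /* a uid-0 "service account" separates nothing */
    uid = pw->pw_uid;          /* copy: pw points at static storage */
    gid = pw->pw_gid;

    /* Groups first, uid last: once the uid is gone the process
     * no longer has the right to change its groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_FAILED;

    /* Confirm the drop cannot be undone. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return DROP_FAILED;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "_pflogd";
    enum drop_result r = drop_to_user(user);

    if (r != DROP_OK) {
        fprintf(stderr, "cannot drop privileges to %s (code %d)\n", user, (int)r);
        return 1;
    }
    printf("now running as uid %ld\n", (long)getuid());
    return 0;
}
```

Run as root with the account name as the first argument; on a system without that account it exits non-zero instead of continuing with root privileges.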