From: "Martin P. Hellwig"
Date: Mon, 21 Jun 2004 18:32:25 +0200
Subject: Re: startup error for pflogd
Cc: Max Laier, freebsd-current@freebsd.org

Michael Reifenberger wrote:
> On Mon, 21 Jun 2004, Max Laier wrote:
> ...
>
>> I'll try to explain the reasoning behind this. If there are a zillion
>> processes all owned by nobody:nogroup and an attacker manages to obtain
>> control over one of them, the rest might be easy/easier prey. The evildoer
>> will have better chances to obtain critical resources and maybe root in the
>> end.
>>
>> This might seem like OpenBSD/paranoia, but my opinion on it is: It's done so
>> why not port it over? It also helps to keep the diff down (which means less
>> work).
>>
>
> Wouldn't it make sense to add all _ users at once then?
>

Yes vote for this one, from my limited user perspective this seems the logical thing to do.

-- 
mph
$ /usr/local/etc/rc.d/bikeshed.sh
$ Usage, mix UNIX with: {politics|religion|both(=GNU/Linux)}