From owner-freebsd-current@FreeBSD.ORG Mon Jun 21 17:02:40 2004
From: Charles Swiger <cswiger@mac.com>
Date: Mon, 21 Jun 2004 13:02:27 -0400
Subject: Re: startup error for pflogd
Cc: freebsd-current@freebsd.org
In-Reply-To: <200406211639.22243.max@love2party.net>
References: <20040620134437.P94503@fw.reifenberger.com> <20040620230350.O1720@fw.reifenberger.com> <20040621105114.G9108@fw.reifenberger.com> <200406211639.22243.max@love2party.net>
List-Id: Discussions about the use of FreeBSD-current

On Jun 21, 2004, at 10:39 AM, Max Laier wrote:

> On Monday 21 June 2004 10:57, Michael Reifenberger wrote:
>> As it seems, OpenBSD is aggressively using "_" users.
>> Is this something we should follow?
>
> I'll try to explain the reasoning behind this. If there are a zillion
> processes all owned by nobody:nogroup and an attacker manages to obtain
> control over one of them, the rest might be easy/easier prey. The evildoer
> will have better chances to obtain critical resources and maybe root in the
> end.

Certainly it's a good idea to run different services under separate users
where possible, for exactly the reasons you describe: it helps reduce the
window of vulnerability if one service is compromised.

However, please note that no processes should be running as nobody, nor
should any files be owned by nobody. 'nobody' exists so that NFS can map
unknown and/or untrusted remote root users to a safe UID which is not used
anywhere else in the system. Using 'nobody' for other purposes can be risky.

-- 
-Chuck
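The two points made in this thread (give each daemon its own unprivileged user, and keep 'nobody' out of local use) are easy to check for on a running host. The script below is an added example written for this page; it is not code from the thread, from FreeBSD or from OpenBSD. It audits for processes and files owned by nobody and prints the pw(8) commands that create a dedicated "_" user for a daemon. The sample ps output, the daemon name _pflogd and the UID/GID 1001 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): audit a host for anything
# running as or owned by 'nobody', and show how to give a daemon its own
# unprivileged user instead. Sample data and names below are assumptions.

NOBODY=nobody

# Constructed sample of `ps -axo user,pid,command` output (not a real capture).
# It shows the before/after of moving pflogd from nobody to a dedicated _pflogd.
SAMPLE_PS='USER     PID COMMAND
root       1 /sbin/init
nobody   812 /usr/sbin/pflogd -s 116 -f /var/log/pflog
_pflogd  813 /usr/sbin/pflogd -s 116 -f /var/log/pflog
www      901 /usr/local/sbin/httpd
nobody   950 /usr/local/bin/spamd'

# procs_as_user USER: read ps output (with header) on stdin, print
# "PID COMMAND" for every process whose effective user is USER.
procs_as_user() {
    awk -v u="$1" 'NR > 1 && $1 == u {
        pid = $2; $1 = ""; $2 = ""; sub(/^ +/, "")
        print pid, $0
    }'
}

# count_procs_as_user USER: number of processes running as USER.
# The target for 'nobody' on a non-NFS-serving host is 0.
count_procs_as_user() {
    awk -v u="$1" 'NR > 1 && $1 == u { n++ } END { print n + 0 }'
}

# audit_nobody: run the checks against the live system. find(1) is limited
# to local filesystems with -xdev so NFS mounts, where nobody-owned files
# are the expected result of root squashing, do not produce noise.
audit_nobody() {
    echo "== processes running as $NOBODY =="
    ps -axo user,pid,command | procs_as_user "$NOBODY"
    echo "== files owned by $NOBODY on local filesystems =="
    find / -xdev -user "$NOBODY" -print 2>/dev/null
}

# service_user_cmds NAME ID: print the pw(8) commands that create a group
# and user for a daemon with no home directory, no login shell and no
# password. ID is an assumed free UID/GID; check with `pw usershow -a`.
service_user_cmds() {
    name=$1
    id=$2
    printf 'pw groupadd %s -g %s\n' "$name" "$id"
    printf 'pw useradd %s -u %s -g %s -d /nonexistent -s /usr/sbin/nologin -c "%s daemon" -w no\n' \
        "$name" "$id" "$name" "$name"
}

# Run `sh thisfile.sh audit` as root for the live audit; with `user NAME ID`
# it prints the commands for a new service user instead of executing them.
case "${1:-}" in
    audit) audit_nobody ;;
    user)  service_user_cmds "$2" "$3" ;;
esac
```

On the sample data, `printf '%s\n' "$SAMPLE_PS" | procs_as_user nobody` lists the two processes that still run as nobody (pflogd on PID 812 and spamd), while `_pflogd` shows the intended state. The pw(8) invocation deliberately gives the account no home, no shell and no password, so the user exists only as a UID for the daemon to drop to.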