Date: Sun, 2 Nov 1997 11:43:09 -0800 (PST) From: Tom <tom@sdf.com> To: Wolfram Schneider <wosch@cs.tu-berlin.de> Cc: freebsd-hackers@freebsd.org Subject: Re: Suggested addition to /etc/security Message-ID: <Pine.BSF.3.95q.971102113620.17102A-100000@misery.sdf.com> In-Reply-To: <p1izpnn5je7.fsf@panke.panke.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2 Nov 1997, Wolfram Schneider wrote: > Tom <tom@sdf.com> writes: > > > > echo "checking for invalid user or group ids:" > > > > find / -nouser -nogroup > > How does this check improve security? > > Also, shouldn't the security script be run under idprio? > > No. find is disk I/O bound. idprio set only the CPU scheduling priority. find is perhaps disk i/o bound, depeding on the speed of the disks and cpu. I notice here that doing just a "find . > /dev/null" rachets up the load quite nicely. More complex find options will hurt even more. Also, chewing up disk i/o bandwidth isn't a good thing either, will hurt other applications. Is it possible to run /etc/security and not have performance degraded during this period? It seems that either the CPU and/or disk bandwith will takes a big hit. > Root-Cron jobs should never started with idprio because a non-root > user process can block the jobs. This is a security risk ;-) > > -- > Wolfram Schneider <wosch@apfel.de> http://www.apfel.de/~wosch/ > > Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.971102113620.17102A-100000>