From owner-freebsd-questions@FreeBSD.ORG Wed Jan 10 12:43:32 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BC58916A40F for ; Wed, 10 Jan 2007 12:43:32 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from mxout4.cac.washington.edu (mxout4.cac.washington.edu [140.142.33.19]) by mx1.freebsd.org (Postfix) with ESMTP id 9BFFA13C45A for ; Wed, 10 Jan 2007 12:43:32 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.9] (may be forged)) by mxout4.cac.washington.edu (8.13.7+UW06.06/8.13.7+UW06.09) with ESMTP id l0AChWgL016122 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Wed, 10 Jan 2007 04:43:32 -0800 X-Auth-Received: from [192.168.0.101] (dsl254-013-145.sea1.dsl.speakeasy.net [216.254.13.145]) (authenticated authid=youshi10) by smtp.washington.edu (8.13.7+UW06.06/8.13.7+UW06.09) with ESMTP id l0AChVcJ030143 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Wed, 10 Jan 2007 04:43:32 -0800 Message-ID: <45A4DF73.4000408@u.washington.edu> Date: Wed, 10 Jan 2007 04:43:31 -0800 From: Garrett Cooper User-Agent: Thunderbird 1.5.0.9 (X11/20070109) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <2cd0a0da0701100424y1f15717es81a7536c1e1e5a9a@mail.gmail.com> In-Reply-To: <2cd0a0da0701100424y1f15717es81a7536c1e1e5a9a@mail.gmail.com> X-Enigmail-Version: 0.94.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-PMX-Version: 5.2.2.285561, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2007.1.10.42933 X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __LINES_OF_YELLING 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __USER_AGENT 0' Subject: Re: How dangerous a Standard User could be to a FreeBSD box? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jan 2007 12:43:32 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VeeJay wrote: > Hi > > How dangerous a Standard User could be to a FreeBSD box? Depends on a number of different factors. For example: 1. What you're running. 2. The number of users who have access to the machine. 3. The data being held. 4. How up-to-date the computer is, in particular whether or not any of the programs on the computer have vulnerability issues. 5. What point the computer may serve in a cluster of machines. etc, etc. So, assuming that no vulnerabilities exist or privilege escalation doesn't occur; this can be solved by rebuilding the system when security issues occur--subscribing to security@freebsd.org can solve that, along with directions given in the handbook , auditing your ports regularly with portaudit, and just updating your ports semi-regularly. Also, assuming that the user doesn't use up all available resources on the machine ( limits(1) holds the answers for that question there along with modifying /etc/login.conf ), they should only be able to affect users in their associated groups (assuming group access to data is allowed) or merely themselves. Please be more specific with your questions as they are a bit too open ended. - -Garrett -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.1 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFpN9zEnKyINQw/HARAjMkAKCiOe2IPdtuDi47AqqHw6tPk7ayQACdHwPy JBlZ20e86iJYsiTZ66Y1LnU= =zG/3 -----END PGP SIGNATURE-----