Date: Thu, 11 Aug 2016 07:05:05 +0200 From: "O. Hartmann" <ohartman@zedat.fu-berlin.de> To: freebsd-current <freebsd-current@freebsd.org>, freebsd-ports <freebsd-ports@freebsd.org> Subject: Passwordless accounts vi ports! Message-ID: <20160811070505.2c1a1466@freyja.zeit4.iv.bundesimmobilien.de>
next in thread | raw e-mail | index | archive | help
I just checked the security scanning outputs of FreeBSD and found this surprising result: [...] Checking for passwordless accounts: polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin [...] Obviously, some ports install accounts but do not secure them as there is an empty password. I consider this not a feature, but a bug. Regards, Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160811070505.2c1a1466>