Date: Thu, 11 Aug 2016 14:33:17 +0800 From: Julian Elischer <julian@freebsd.org> To: Ngie Cooper <yaneurabeya@gmail.com>, "O. Hartmann" <ohartman@zedat.fu-berlin.de> Cc: freebsd-current <freebsd-current@freebsd.org>, freebsd-ports <freebsd-ports@freebsd.org> Subject: Re: Passwordless accounts vi ports! Message-ID: <d2a05141-4bc8-5576-9cb9-fa4e45054605@freebsd.org> In-Reply-To: <B77B39ED-9A75-4C36-A1F5-4F76CA19E42D@gmail.com> References: <20160811070505.2c1a1466@freyja.zeit4.iv.bundesimmobilien.de> <B77B39ED-9A75-4C36-A1F5-4F76CA19E42D@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/08/2016 1:16 PM, Ngie Cooper wrote: >> On Aug 10, 2016, at 22:05, O. Hartmann <ohartman@zedat.fu-berlin.de> wrote: >> >> I just checked the security scanning outputs of FreeBSD and found this >> surprising result: >> >> [...] >> Checking for passwordless accounts: >> polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin >> pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin >> saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh >> clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin >> bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin >> [...] >> >> Obviously, some ports install accounts but do not secure them as there is an >> empty password. >> >> I consider this not a feature, but a bug. > saned is the only one that might concern me because the login shell isn't nologin(1). but other tools use the password database.. e.g. ftp > > Cheers, > -Ngie > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d2a05141-4bc8-5576-9cb9-fa4e45054605>