From owner-freebsd-current@FreeBSD.ORG Mon Jun 21 14:42:21 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B3C1916A4CE for ; Mon, 21 Jun 2004 14:42:21 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 55DFD43D31 for ; Mon, 21 Jun 2004 14:42:21 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1BcPzt-0004Xt-00; Mon, 21 Jun 2004 16:42:09 +0200 Received: from [84.128.135.165] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1BcPzs-0002rf-00; Mon, 21 Jun 2004 16:42:08 +0200 From: Max Laier To: freebsd-current@freebsd.org Date: Mon, 21 Jun 2004 16:39:10 +0200 User-Agent: KMail/1.6.2 References: <20040620134437.P94503@fw.reifenberger.com> <20040620230350.O1720@fw.reifenberger.com> <20040621105114.G9108@fw.reifenberger.com> In-Reply-To: <20040621105114.G9108@fw.reifenberger.com> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_aMv1AXkPYyr+Yg8"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200406211639.22243.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:e28873fbe4dbe612ce62ab869898ff08 cc: Michael Reifenberger Subject: Re: startup error for pflogd X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jun 2004 14:42:21 -0000 --Boundary-02=_aMv1AXkPYyr+Yg8 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 21 June 2004 10:57, Michael Reifenberger wrote: > Hi, > as it seems is pflogd requiring an user "_pflogd" to work which is not > installed by default under FreeBSD. Oh, I knew I forgot something :-\ > As it seems is OpenBSD aggressivly using "_" users. > Is this something we should follow? I'll try to explain the reasoning behind this. If there are a zillion=20 processes all owned by nobody:nogroup and an attacker manages to obtain=20 control over one of them, the rest might be easy/easier prey. The evildoer= =20 will have better chances to obtain critical resources and maybe root in the= =20 end. This might seem like OpenBSD/paranoia, but my opinion on it is: It's done s= o=20 why not port it over? It also helps to keep the diff down (which means less= =20 work). If there is no resistance against "yet another user", I will add _pflogd. On a related note: OpenBSD also introduced an ioctl to lock a bpf-descripto= r,=20 thus making it less valueable for a possible attacker. This is a sane thing= =20 for longrunning processes such as IDS or pflog and I am wondering if we=20 should port it. It's a simple enough thing and I will post diffs on -net=20 later. =2D-=20 Best regards, | mlaier@freebsd.org Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet --Boundary-02=_aMv1AXkPYyr+Yg8 Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBA1vMaXyyEoT62BG0RAhwQAJ9tpTMiIg/lbBjyDZAuQlP6zIJEKwCfdBDD 662bq9gi9yz511ZKnbEhOg8= =RRiU -----END PGP SIGNATURE----- --Boundary-02=_aMv1AXkPYyr+Yg8--