From owner-cvs-all Wed Oct 17 7:11:45 2001
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 35EA637B403; Wed, 17 Oct 2001 07:11:38 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.5) with SMTP id f9HEBZB30194; Wed, 17 Oct 2001 10:11:35 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Wed, 17 Oct 2001 10:11:34 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: "Andrey A. Chernov"
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc group master.passwd
In-Reply-To: <200110171321.f9HDLrP93078@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This is good to see -- the whole nobody:nobody thing has worried me for a
while, as it's used by a number of daemons to create a shared sandbox, and
a failure of one daemon can lead to the failure of all others, as well as
potential privilege escalation due to poor sandboxing techniques by any of
those daemons.

And contrary to popular belief, there is no "magic" interaction between the
uid associated with nobody (65534) and the file system. That interaction
occurs for ((uid_t)-1), which corresponds to the value 'VNOVAL' and has
immensely poor properties due to the design of VOP_SETATTR().

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Wed, 17 Oct 2001, Andrey A. Chernov wrote:

> ache        2001/10/17 06:21:53 PDT
>
>   Modified files:
>     etc                  group master.passwd
>   Log:
>   Add www:www (80:80) for upcoming Apache changes
>
>   Revision  Changes    Path
>   1.20      +2 -1      src/etc/group
>   1.26      +2 -1      src/etc/master.passwd
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe cvs-all" in the body of the message
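
The distinction drawn in the reply above, between uid 65534 and ((uid_t)-1), can be observed from userland. The following is an added example, not part of the original message or of FreeBSD's code: it assumes a POSIX system with a writable /tmp, and it uses the POSIX rule that passing -1 to fchown() means "leave this id unchanged" as the visible form of the sentinel the message calls VNOVAL. The function and macro names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define NOBODY_UID   ((uid_t)65534) /* uid the message gives for nobody */
#define NOCHANGE_UID ((uid_t)-1)    /* sentinel value, not a real account */
#define NOCHANGE_GID ((gid_t)-1)

/* Returns 1 when nobody's uid and the sentinel are different values,
 * which holds wherever uid_t is wider than 16 bits. */
int nobody_is_not_sentinel(void)
{
    return NOBODY_UID != NOCHANGE_UID;
}

/* Creates a scratch file, calls fchown() with the sentinel for both ids,
 * and reports whether ownership was left alone.
 * Returns 1 = unchanged, 0 = changed, -1 = setup or syscall error. */
int sentinel_leaves_owner_unchanged(void)
{
    char path[] = "/tmp/vnoval-demo-XXXXXX"; /* constructed scratch path */
    struct stat before, after;
    int result = -1;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (fstat(fd, &before) == 0 &&
        fchown(fd, NOCHANGE_UID, NOCHANGE_GID) == 0 &&
        fstat(fd, &after) == 0)
        result = (before.st_uid == after.st_uid &&
                  before.st_gid == after.st_gid);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("65534 differs from (uid_t)-1: %d\n", nobody_is_not_sentinel());
    printf("fchown(fd, -1, -1) left owner unchanged: %d\n",
           sentinel_leaves_owner_unchanged());
    return 0;
}
```

The second check succeeds without privilege because the call requests no ownership change at all; the value -1 is interpreted as an instruction, never as an account.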