Date: Wed, 17 Oct 2001 10:11:34 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: "Andrey A. Chernov" <ache@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc group master.passwd Message-ID: <Pine.NEB.3.96L.1011017100858.30170B-100000@fledge.watson.org> In-Reply-To: <200110171321.f9HDLrP93078@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is good to see -- the whole nobody:nobody thing has worried me for a while, as it's used by a number of daemons to create a shared sandbox, and a failure of one daemon can lead to the failure of all others, as well as potential privilege escalation due to poor sandboxing techniques by any of those daemons. And contrary to popular belief, there is no "magic" interaction between the uid associated with nobody (65534) and the file system. That interaction occurs for ((uid_t)-1), which corresponds to the value 'VNOVAL' and has immensely poor properties due to the design of VOP_SETATTR(). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services On Wed, 17 Oct 2001, Andrey A. Chernov wrote: > ache 2001/10/17 06:21:53 PDT > > Modified files: > etc group master.passwd > Log: > Add www:www (80:80) for upcoming Apache changes > > Revision Changes Path > 1.20 +2 -1 src/etc/group > 1.26 +2 -1 src/etc/master.passwd > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011017100858.30170B-100000>