[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Logs and Permissions for Daemons

Previously Joey Hess wrote:
> But a lot of these daemons that suddently have their own users don't read
> any files owned by themselves, so there's no reason they shouldn't just run
> as daemon.

I disagree here. From a security perspective it's really good if every
daemon gets its own user. That way if one daemon is compromised the
attacker cannot mess around with others. And there are lots of
interesting ways to mess with other daemons.. (ptrace and see passwords?
insert your own code? stop it and go for the simple DoS-attack? etc.

Those daemons should probably get an entry in the static 60000-64999


 / Generally uninteresting signature - ignore at your convenience  \
| wichert@liacs.nl                    http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Attachment: pgpxwKlpWPSZB.pgp
Description: PGP signature

Reply to: