
Re: New user for logcheck



>> kill -9 50                    # worse than above(?)

> Depending on the circumstances, that might be an acceptable risk. A DOS
> on a minor part of the system is, IMHO, better than the administrative
> nightmare of wanton uid proliferation. (Especially given that trying to
> prevent all DOS's is a losing battle anyway.)

Well, if you don't care about daemons dying, perhaps you would be
worried about Trojan horses.  If I had made telnetd run using a
shared user, and someone obtains access to that user say by exploiting
a hole in another daemon, then that person can wait for a telnetd to
be spawned, and attach to it as Brian pointed out below, then this
person can get the password and access to more user accounts.  Worse
yet, if some inexperienced system admin (sounds familiar :) does su,
oops, there goes the root account.

Perhaps a more sinister person might actually modify the memory of
the daemon in question to do something else.  Let's take another
one of my packages as an example, pidentd.  If it were using a
shared account, then you could do what I just said, and if this
host were a trusted host (as in other hosts are relying on identd
on this machine to authenticate), well you've just spread the
infection.
-- 
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

