Re: RfD: documentation for statically assigned uid and gid

On Fri, Jun 02, 2000 at 12:10:05AM -0800, Ethan Benson wrote:
> On Thu, Jun 01, 2000 at 09:31:03PM -0400, Andrew Pimlott wrote:
> > Giving each such daemon its own user might be a win. Today, one
> > compromised daemon process can kill all other daemon processes.
>
> well you can go overboard...

How can you go overboard? There are 2^16 (for now, more soon) gid's
available, and at most dozens of daemons. Reusing the daemon group
is a false economy.

> it really depends on how bad it would be
> if all daemon owned processes were killed, or fall under hostile
> control.

The daemons are surely running for some reason, so each one that is
compromised is a problem. I would rather have one problem than many
problems.

Andrew
--
Where is the innovation? Microsoft, mostly.
- Rob Pike, "Systems Software Research is Irrelevant"
http://www.cs.bell-labs.com/cm/cs/who/rob/utah2000.ps
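
An added illustration, not part of the original message: the quoted point that one compromised daemon can kill the others follows from the kill(2) permission rule, under which an unprivileged sender may signal a target when its real or effective uid matches the target's real or saved set-uid. The sketch below applies that rule to two constructed process tables; the uids, pids and daemon names are assumptions chosen for the example.

```python
from collections import namedtuple

Proc = namedtuple("Proc", "pid ruid euid suid comm")

# Constructed sample process tables (not taken from the thread).
# Columns: pid, real uid, effective uid, saved set-uid, command.
# uid 1 stands in for a shared "daemon" account; 101-103 are hypothetical
# per-daemon accounts.
SHARED = """\
201 1 1 1 atd
202 1 1 1 portmap
203 1 1 1 lpd
"""
DEDICATED = """\
201 101 101 101 atd
202 102 102 102 portmap
203 103 103 103 lpd
"""


def parse(table):
    procs = []
    for line in table.splitlines():
        pid, ruid, euid, suid, comm = line.split()
        procs.append(Proc(int(pid), int(ruid), int(euid), int(suid), comm))
    return procs


def can_signal(sender, target):
    """kill(2) permission rule for a sender without root or CAP_KILL."""
    if sender.euid == 0:
        return True
    return bool({sender.ruid, sender.euid} & {target.ruid, target.suid})


def blast_radius(table):
    """Map each daemon to the other daemons it could signal if compromised."""
    procs = parse(table)
    return {
        p.comm: sorted(t.comm for t in procs if t.pid != p.pid and can_signal(p, t))
        for p in procs
    }


if __name__ == "__main__":
    for name, table in (("shared uid", SHARED), ("dedicated uids", DEDICATED)):
        print(name, blast_radius(table))
```

With the shared account every daemon's blast radius is all of its peers; with dedicated accounts it is empty.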