[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RfD: documentation for statically assigned uid and gid

On Fri, Jun 02, 2000 at 12:10:05AM -0800, Ethan Benson wrote:
> On Thu, Jun 01, 2000 at 09:31:03PM -0400, Andrew Pimlott wrote:
> > Giving each such daemon its own user might be a win.  Today, one
> > compromised daemon process can kill all other daemon processes.
> well you can go overboard...

How can you go overboard?  There are 2^16 (for now, more soon) gid's
available, and at most dozens of daemons.  Reusing the daemon group
is a false economy.

> it really depends on how bad it would be
> if all daemon owned processes were killed, or fall under hostile
> control.  

The daemons are surely running for some reason, so each one that is
compromised is a problem.  I would rather have one problem than many


Where is the innovation?  Microsoft, mostly.
- Rob Pike, "Systems Software Research is Irrelevant"

Reply to: