[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the release team: the plans for etch

On Wed, Oct 26, 2005 at 06:29:57PM +0200, Andreas Barth wrote:
> > Problem being, if daemons don't remove their (supposedly exclusive-use)
> > accounts, you can end in two years with 100 unnecessary accounts in a
> > workstation.
> How many daemon packages do you install in two years? I even doubt that
> we have 100 packages that add accounts at all in debian.

Sorry, you'll have to clear up your facts first. How about doing this:

lynx -dump -nolist \
   http://lintian.debian.org/reports/Tmaintainer-script-needs-depends-on-adduser.html | \
   perl -ne 'print $1."\n" if /W: (.*?): /'
grep-available -sPackage -FPre-Depends,Depends adduser | awk '{print $2}'
} | wc -l

( I already posted this recipe in the thread, BTW )

That's 187 packages by my count, and might not cover all cases. Now, we have
a limit of 400 system uids in our current setting (499-100+1, see
adduser.conf) and, from what I'm seeing as part of my security audit work,
*many* *more* packages should be creating system users to run daemons as
low-priviledged users instead of running as root.

So, over 100 currently, and not an issue right now but might be in the future.


Attachment: signature.asc
Description: Digital signature

Reply to: