Re: one user per daemon?

To: debian-security <debian-security@lists.debian.org>
Subject: Re: one user per daemon?
From: Adam ENDRODI <borso@vekoll.saturnus.vein.hu>
Date: Sat, 5 Jul 2003 21:17:51 +0200
Message-id: <[🔎] 20030705191751.GA8272@vekoll.saturnus.vein.hu>
In-reply-to: <[🔎] o5g6eb.ee4.ln@news.housecafe.de>
References: <[🔎] o5g6eb.ee4.ln@news.housecafe.de>

On Sat, Jul 05, 2003 at 02:26:24PM +0200, Christian Kujau wrote:
> 
> the things is, when some of the "nobody" processes are compromised, 
> *every* daemon "nobody" has started is in danger to be killed or misused.
>
> /etc/password lists a lot of unused (but somehow standard-)users, they 
> could be used to run processes under a different user id.

On my systems, I have added several accounts dedicated to
programs like snort, spamd, syslogd, tftpd and others.  It's just
as easy as doing an ``adduser --system --no-create-home <foo>''.
Usually, it's a good idea to create a corresponding system group
too.

I think, it's not the default because sometimes process
interaction gets difficult to manage.

bit,
adam

-- 
1024D/37B8D989 954B 998A E5F5 BA2A 3622  82DD 54C2 843D 37B8 D989      
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever

Reply to:

References:
- one user per daemon?
  - From: Christian Kujau <evil@g-house.de>

Prev by Date: one user per daemon?
Next by Date: Re: one user per daemon?
Previous by thread: one user per daemon?
Next by thread: Re: one user per daemon?
Index(es):
- Date
- Thread