On Mon, 21 Jun 2004, Max Laier wrote: ... > I'll try to explain the reasoning behind this. If there are a zillion > processes all owned by nobody:nogroup and an attacker manages to obtain > control over one of them, the rest might be easy/easier prey. The evildoer > will have better chances to obtain critical resources and maybe root in the > end. > > This might seem like OpenBSD/paranoia, but my opinion on it is: It's done so > why not port it over? It also helps to keep the diff down (which means less > work). > Wouldn't it make sense to add all _<service> users at once then? Bye/2 --- Michael Reifenberger, Business Development Manager SAP-Basis, Plaut Consulting Comp: Michael.Reifenberger_at_plaut.de | Priv: Michael_at_Reifenberger.com http://www.plaut.de | http://www.Reifenberger.comReceived on Mon Jun 21 2004 - 13:03:25 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:58 UTC