Michael Reifenberger wrote: > On Mon, 21 Jun 2004, Max Laier wrote: > ... > >> I'll try to explain the reasoning behind this. If there are a zillion >> processes all owned by nobody:nogroup and an attacker manages to obtain >> control over one of them, the rest might be easy/easier prey. The >> evildoer >> will have better chances to obtain critical resources and maybe root >> in the >> end. >> >> This might seem like OpenBSD/paranoia, but my opinion on it is: It's >> done so >> why not port it over? It also helps to keep the diff down (which >> means less >> work). >> > > Wouldn't it make sense to add all _<service> users at once then? > Yes voter for this one , from my limited user perspective this seems the logical thing to do. -- mph $ /usr/local/etc/rc.d/bikeshed.sh $ Usage, mix UNIX with: {politics|religion|both(=GNU/Linux)}Received on Mon Jun 21 2004 - 14:32:44 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:58 UTC