On Mon, Jun 21, 2004 at 04:39:10PM +0200, Max Laier wrote: > I'll try to explain the reasoning behind this. If there are a zillion > processes all owned by nobody:nogroup and an attacker manages to obtain > control over one of them, the rest might be easy/easier prey. The evildoer > will have better chances to obtain critical resources and maybe root in the > end. I think this is a good approach. In fact, that's what I do on my public mirror servers, i.e. allocate dedicated users for specific tasks to eliminate privilege escalation through them. Regards, -- wca
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:58 UTC