On 11/08/2016 1:16 PM, Ngie Cooper wrote:
>> On Aug 10, 2016, at 22:05, O. Hartmann <ohartman_at_zedat.fu-berlin.de> wrote:
>>
>> I just checked the security scanning outputs of FreeBSD and found this
>> surprising result:
>>
>> [...]
>> Checking for passwordless accounts:
>> polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
>> pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin
>> saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
>> clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin
>> bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
>> [...]
>>
>> Obviously, some ports install accounts but do not secure them as there is an
>> empty password.
>>
>> I consider this not a feature, but a bug.
> saned is the only one that might concern me because the login shell isn't nologin(1).

but other tools use the password database.. e.g. ftp

>
> Cheers,
> -Ngie

Received on Thu Aug 11 2016 - 04:33:29 UTC
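The check discussed in this thread, as an added example that is not part of the original messages and is not FreeBSD's own periodic script: it lists accounts whose password field is empty and separates those with a nologin shell from those with a real login shell. The function names, the `nologin`/`login-shell` labels, the exit codes and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample in the 10-field master.passwd layout:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
# Only the polkitd and saned lines are copied from the thread; root and the
# locked bacula entry are constructed for contrast.
sample_passwd() {
cat <<'EOF'
# comment lines are ignored
root:$6$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
bacula:*:910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
EOF
}

# Reads master.passwd-format lines on stdin.
# Prints "name kind shell" for every account with an empty password field.
# Exit status: 0 = none found, 1 = only nologin accounts, 2 = at least one
# passwordless account with a login shell.
triage_passwordless() {
  awk -F: '
    /^#/ || NF != 10 { next }            # skip comments and malformed lines
    $2 == "" {
      kind = ($10 ~ /\/nologin$/) ? "nologin" : "login-shell"
      if (kind == "login-shell") rc = 2
      else if (rc < 2) rc = 1
      print $1, kind, $10
    }
    END { exit rc + 0 }
  '
}

# Demo run on the constructed sample.
sample_passwd | triage_passwordless || echo "exit status: $?"
```

A `nologin` result only means the shell blocks interactive login; as the reply notes, other tools read the same password database, so these entries still warrant review.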