Re: Passwordless accounts vi ports!

From: Julian Elischer <julian_at_freebsd.org>
Date: Thu, 11 Aug 2016 14:33:17 +0800

On 11/08/2016 1:16 PM, Ngie Cooper wrote:
>> On Aug 10, 2016, at 22:05, O. Hartmann <ohartman_at_zedat.fu-berlin.de> wrote:
>>
>> I just checked the security scanning outputs of FreeBSD and found this
>> surprising result:
>>
>> [...]
>> Checking for passwordless accounts:
>> polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
>> pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin
>> saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
>> clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin
>> bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
>> [...]
>>
>> Obviously, some ports install accounts but do not secure them as there is an
>> empty password.
>>
>> I consider this not a feature, but a bug.
> saned is the only one that might concern me because the login shell isn't nologin(1).

But other tools use the password database, e.g. ftp.

>
> Cheers,
> -Ngie
Received on Thu Aug 11 2016 - 04:33:29 UTC
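
Added example, not part of the original thread and not FreeBSD's own periodic script: a shell check over master.passwd-format input that lists accounts with an empty password field, as in the scan output quoted above, and marks whether the login shell is nologin. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Fields in master.passwd format:
# name:passwd:uid:gid:class:change:expire:gecos:home:shell

# Reads master.passwd-format lines on stdin and prints
# "name<TAB>shell<TAB>verdict" for every account with an empty password field.
passwordless_report() {
    awk -F: '
        /^[#+]/ || NF != 10 { next }   # skip comments, NIS entries, malformed lines
        $2 == "" {
            shell = ($10 == "") ? "/bin/sh" : $10   # empty shell field means /bin/sh
            # nologin only stops an interactive shell login. As the reply in the
            # thread notes, other tools also use the password database, so both
            # kinds of entry are reported and only the verdict differs.
            verdict = (shell ~ /\/nologin$/) ? "no-shell-login" : "shell-login-possible"
            printf "%s\t%s\t%s\n", $1, shell, verdict
        }'
}

# Constructed sample input. The polkitd and saned lines mirror the scan output
# quoted in the thread; the root and daemon lines are made up for contrast.
sample_passwd() {
    cat <<'EOF'
# constructed sample, not a real password file
root:$6$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
EOF
}

sample_passwd | passwordless_report
```

A "*" in the password field, as on the constructed daemon line, is not an empty password, so that account is not reported.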
