+--On 11 août 2016 11:26:58 +0200 Mathieu Arnold <mat_at_FreeBSD.org> wrote: | | | +--On 11 août 2016 07:05:05 +0200 "O. Hartmann" | <ohartman_at_zedat.fu-berlin.de> wrote: || I just checked the security scanning outputs of FreeBSD and found this || surprising result: || || [...] || Checking for passwordless accounts: || polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin || pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin || saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh || clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin || bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin || [...] || || Obviously, some ports install accounts but do not secure them as there is || an empty password. || || I consider this not a feature, but a bug. | | Mmmm, I rewrote the user/group creation thingie a few months back, a bug | may have crept in, I'll have a look at it today. I've tested things on 9, 10 and 11, I can't reproduce that. -- Mathieu Arnold
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:07 UTC