Subject: Re: CVS commit: src/etc
To: Jim Wise <jwise@draga.com>
From: Jaromir Dolecek <jdolecek@NetBSD.org>
List: tech-security
Date: 04/07/2005 17:59:19
While we are at it, please rename the PF-specific spamd to pf-spamd or
similar. I'm annoyed to find /etc/spamd.conf after etcupdate or on a new
installation.

Jaromir

On Wed, Apr 06, 2005 at 12:37:52PM -0400, Jim Wise wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wed, 6 Apr 2005, Peter Postma wrote:
> 
> >On Wed, Apr 06, 2005 at 11:20:58AM -0400, Jim Wise wrote:
> >> >Log Message:
> >> >Add _pflogd group.
> >> 
> >> Is there any reason this group cannot be simply `pflogd'?  We don't have 
> >> any other groups with _ in their name...
> >> 
> >
> >The idea is to prefix new system-users/groups with an _, so that they are
> >in their own namespace.
> 
> Really?  Whose idea?  Where was this discussed?  What other groups have 
> we ever introduced this way?
> 
> Please change this group name to pflogd.
> 
> 
> >> More generally, what does _pflogd have access to that prevents it from 
> >> being subsumed into, e.g. `daemon'?
> >>
> >
> >None. If pflogd(8) gets compromised then no-one can do anything with it
> >because _pflogd has no special privileges and no other program is using the
> >user/group. daemon, however, is used by other programs, so when one of
> >them gets compromised, the others might be easy/easier to compromise too.
> >
> >This maybe sounds like OpenBSD paranoia, but I think it's reasonable to
> >follow this.
> 
> If the goal is to ensure that someone who compromises pflogd does not 
> get access to useful services, it should run as nobody or as daemon.
> 
> I do _not_ think it makes sense to have one group per possible service a 
> host might run -- if we go that way, /etc/group will grow very long indeed.
> 
> Let's not just cargo-cult over `security' practices when importing 
> software, _please_.
> 
> - -- 
> 				Jim Wise
> 				jwise@draga.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (NetBSD)
> 
> iD8DBQFCVBBkpRpI6SYACmIRAnI8AJwJPo+blq+4LCAppIddylr0G7NzKgCgone9
> R0JZZdAWrTt0IYNNBAhOG6U=
> =abpO
> -----END PGP SIGNATURE-----

-- 
Jaromir Dolecek <jdolecek@NetBSD.org>            http://www.NetBSD.cz/
-=- We can walk our road together if our goals are all the same;     -=-
-=- We can run alone and free if we pursue a different aim.          -=-