Subject: Re: SunOS/Solaris "nobody" UID versus NetBSD's "nobody" UID
To: None <tech-security@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-security
Date: 12/29/1999 17:20:40
Message-Id: <m123RSS-000g8HC@most.weird.com>
In-Reply-To: <19991118122023.D2558@cs.hut.fi>
References: <v04210116b458c2bb6e62@[216.240.40.200]>
	<Pine.GSO.4.05.9911180113060.7482-100000@rfhs8036>
	<19991118122023.D2558@cs.hut.fi>
Reply-To: tech-security@netbsd.org
Organization: Planix, Inc.; Toronto, Ontario; Canada

[[ this may be a duplicate -- found the save-file while cleaning up
   after a crash.... ]]

[ On Thursday, November 18, 1999 at 12:20:23 (+0200), Antti Kantee wrote: ]
> Subject: Re: SunOS/Solaris "nobody" UID versus NetBSD's "nobody" UID
>
> jaddajaddajadda, guess that the uid of nobody is not that standard.

It's actually not important that it be standard unless you create files
owned by that UID and then expect to share them across NFS.

Strictly speaking I think the idea is (was?) that "nobody" should never
own anything or have any more than read access to any files on the
server, and thus any remote client superuser would be unable to mess
with the security of the server.

What is important, at least from my point of view, is that the system
default to mapping remote root accesses onto the same UID as is referred
to as "nobody" in the (possibly local) passwd file.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
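
Added example, not part of the original message: one way to check the point made above, that remote root accesses end up on the same UID the local passwd file calls "nobody". It assumes BSD exports(5) syntax (`-maproot=` / `-mapall=` taking a login name or numeric UID, with -2 as the default when neither is given); the sample files, UIDs, hostnames and the function names are constructed for illustration, and backslash-continued export lines are not handled.

```python
import re

# Constructed sample inputs; the UIDs and hostnames are illustrative only.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/sh
nobody:*:32767:39:Unprivileged user:/nonexistent:/sbin/nologin
"""
SAMPLE_EXPORTS = """\
# constructed exports(5) file
/export/home -maproot=nobody client1.example.org
/export/src  -maproot=0 build.example.org
/export/pub  -ro -maproot=65534:65534 -network 192.0.2.0 -mask 255.255.255.0
/export/tmp  client2.example.org
"""
# Assumption: with no -maproot/-mapall, BSD exports(5) maps remote root to -2.
DEFAULT_MAPROOT = "-2"
MAP_OPTION = re.compile(r"-map(?:root|all)=([^\s:]+)")


def passwd_uids(passwd_text):
    """Return {login: uid} parsed from passwd(5)-format text."""
    table = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            table.setdefault(fields[0], int(fields[2]))
    return table


def audit_exports(exports_text, passwd_text, squash_user="nobody"):
    """Return [(path, effective_uid, verdict)], one tuple per export line."""
    uids = passwd_uids(passwd_text)
    nobody_uid = uids[squash_user]
    results = []
    for raw in exports_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = MAP_OPTION.search(line)
        user = match.group(1) if match else DEFAULT_MAPROOT
        # The option takes a login name or a numeric UID.
        uid = int(user) if re.fullmatch(r"-?\d+", user) else uids.get(user)
        if uid == 0:
            verdict = "root-not-squashed"
        elif uid == nobody_uid:
            verdict = "ok"
        else:
            verdict = "mismatch"  # includes names missing from passwd
        results.append((line.split()[0], uid, verdict))
    return results
```

Run against a host's real /etc/exports and /etc/passwd contents, any line reported as "mismatch" is an export where squashed root lands on a UID other than the local "nobody".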