Date: Tue, 9 May 2023 10:05:15 +0200
From: Felix Palmen
To: ports@freebsd.org
Subject: Re: Unprivileged default user for "tiny" daemons?
Organization: FreeBSD.org
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

* Felix Palmen [20230508 18:39]:
> I tend to think now that 'daemon' should really be the way to go when
> you don't need a dedicated account. Am I overlooking something? Any
> other comments?

Seems I overlooked something indeed:

#v+
$ find [14-jail] \( -user daemon -or -group daemon \)
[14-jail]/usr/sbin/lpc
[14-jail]/usr/bin/lprm
[14-jail]/usr/bin/lpr
[14-jail]/usr/bin/lpq
[14-jail]/var/rwho
[14-jail]/var/spool/mqueue
[14-jail]/var/spool/lpd
[14-jail]/var/spool/output
[14-jail]/var/spool/output/lpd
[14-jail]/var/spool/opielocks
[14-jail]/var/at/jobs
[14-jail]/var/at/spool
[14-jail]/var/msgs
#v-

So, daemon owns e.g. the print spool... Interestingly, you even find
something owned by nobody in base:

#v+
-rw-r--r-- 1 nobody wheel 0 Jul 8 2021 /var/db/locate.database
#v-

So, takeaway is: There is no safe choice other than allocating a
dedicated UID for every single daemon, even if it doesn't need to
own/access any files? Is this really correct?

Cheers, Felix

-- 
Felix Palmen {private} felix@palmen-it.de
-- ports committer (mentee) -- {web} http://palmen-it.de
{pgp public key} http://palmen-it.de/pub.txt
{pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231
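
Added example, not part of the message above and not FreeBSD project code: a shell function that extends the find invocation in the message into an audit of what a process running under a shared account could modify through ownership alone. The function names, output labels and argument order are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit what a shared account can change through ownership.
# Usage: audit_shared_account ROOT USER [GROUP]   (GROUP defaults to USER)
# Names or numeric ids are accepted, as with find(1) -user / -group.

# Prefix every path read on stdin with a label and a tab.
# Assumes file names contain no newlines.
label() {
    awk -v l="$1" '{ print l "\t" $0 }'
}

audit_shared_account() {
    root=$1 user=$2 group=${3:-$2}

    # Owned by the account with the owner-write bit set: any process running
    # under this UID can modify or replace the entry.
    find "$root" -xdev -user "$user" -perm -200 2>/dev/null | label owner-write

    # Group is the account's group and the group-write bit is set: the same
    # holds for any process carrying this GID.
    find "$root" -xdev -group "$group" -perm -020 2>/dev/null | label group-write

    # Set-id executables tied to the account run with its UID or GID, so they
    # widen the set of programs that share whatever the account owns.
    find "$root" -xdev -type f \( \
        \( -user "$user" -perm -4000 \) -o \( -group "$group" -perm -2000 \) \
        \) 2>/dev/null | label set-id
}

# Run as a script: sh audit.sh /path/to/jail daemon
if [ "$#" -ge 2 ]; then
    audit_shared_account "$@"
fi
```

Run against the jail from the message with `daemon` or `nobody` as the account, every `owner-write` or `group-write` line is something a second daemon placed under that account would share with the first.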