From nobody Tue May 09 08:11:04 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QFrTC1JtHz49scQ
	for <ports@mlmmj.nyi.freebsd.org>; Tue,  9 May 2023 08:11:11 +0000 (UTC)
	(envelope-from brooks@spindle.one-eyed-alien.net)
Received: from spindle.one-eyed-alien.net (spindle.one-eyed-alien.net [199.48.129.229])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QFrTB6BKGz40sN;
	Tue,  9 May 2023 08:11:10 +0000 (UTC)
	(envelope-from brooks@spindle.one-eyed-alien.net)
Authentication-Results: mx1.freebsd.org;
	none
Received: by spindle.one-eyed-alien.net (Postfix, from userid 3001)
	id A28AD3C0199; Tue,  9 May 2023 08:11:04 +0000 (UTC)
Date: Tue, 9 May 2023 08:11:04 +0000
From: Brooks Davis <brooks@freebsd.org>
To: Felix Palmen <zirias@freebsd.org>
Cc: ports@freebsd.org
Subject: Re: Unprivileged default user for "tiny" daemons?
Message-ID: <ZFoAGH3aIMRuPQUE@spindle.one-eyed-alien.net>
References: <hsletitqldfbhrucakzl3vvotkwp7ghfdpuzyty3b4yu3qdn4d@sdjyu6koet2t>
 <axmocd4atpwa6gckwlr6d3xwx3vduhgyzkywv6sbawtmssbgi6@o7dzq6knd4nr>
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <axmocd4atpwa6gckwlr6d3xwx3vduhgyzkywv6sbawtmssbgi6@o7dzq6knd4nr>
X-Rspamd-Queue-Id: 4QFrTB6BKGz40sN
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:36236, ipnet:199.48.128.0/22, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On Tue, May 09, 2023 at 10:05:15AM +0200, Felix Palmen wrote:
> * Felix Palmen <zirias@FreeBSD.org> [20230508 18:39]:
> > I tend to think now that 'daemon' should really be the way to go when
> > you don't need a dedicated account. Am I overlooking something? Any
> > other comments?
>=20
> Seems I overlooked something indeed:
>=20
> #v+
> $ find [14-jail] \( -user daemon -or -group daemon \)
> [14-jail]/usr/sbin/lpc
> [14-jail]/usr/bin/lprm
> [14-jail]/usr/bin/lpr
> [14-jail]/usr/bin/lpq
> [14-jail]/var/rwho
> [14-jail]/var/spool/mqueue
> [14-jail]/var/spool/lpd
> [14-jail]/var/spool/output
> [14-jail]/var/spool/output/lpd
> [14-jail]/var/spool/opielocks
> [14-jail]/var/at/jobs
> [14-jail]/var/at/spool
> [14-jail]/var/msgs
> #v-
>=20
> So, daemon owns e.g. the print spool...
>=20
> Interestingly, ou even find something owned by nobody in base:
>=20
> #v+
> -rw-r--r--  1 nobody  wheel  0 Jul  8  2021 /var/db/locate.database
> #v-

This seems like a bug.

>=20
> So, takeaway is: There is no safe choice other than allocating a
> dedicated UID for every single daemon, even if it doesn't need to
> own/access any files? Is this really correct?

This is clearly the right choice even it's a bit of a pain.

-- Brooks



>=20
> Cheers, Felix
>=20
> --=20
>  Felix Palmen <zirias@FreeBSD.org>     {private}   felix@palmen-it.de
>  -- ports committer (mentee) --            {web}  http://palmen-it.de
>  {pgp public key}  http://palmen-it.de/pub.txt
>  {pgp fingerprint} 6936 13D5 5BBF 4837 B212  3ACC 54AD E006 9879 F231