From: Yuri
To: Brooks Davis, Felix Palmen
Cc: ports@freebsd.org
Date: Tue, 9 May 2023 10:19:39 +0200
Subject: Re: Unprivileged default user for "tiny" daemons?
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

Brooks Davis wrote:
> On Tue, May 09, 2023 at 10:05:15AM +0200, Felix Palmen wrote:
>> * Felix Palmen [20230508 18:39]:
>>> I tend to think now that 'daemon' should really be the way to go when
>>> you don't need a dedicated account. Am I overlooking something? Any
>>> other comments?
>>
>> Seems I overlooked something indeed:
>>
>> #v+
>> $ find [14-jail] \( -user daemon -or -group daemon \)
>> [14-jail]/usr/sbin/lpc
>> [14-jail]/usr/bin/lprm
>> [14-jail]/usr/bin/lpr
>> [14-jail]/usr/bin/lpq
>> [14-jail]/var/rwho
>> [14-jail]/var/spool/mqueue
>> [14-jail]/var/spool/lpd
>> [14-jail]/var/spool/output
>> [14-jail]/var/spool/output/lpd
>> [14-jail]/var/spool/opielocks
>> [14-jail]/var/at/jobs
>> [14-jail]/var/at/spool
>> [14-jail]/var/msgs
>> #v-
>>
>> So, daemon owns e.g. the print spool...
>>
>> Interestingly, you even find something owned by nobody in base:
>>
>> #v+
>> -rw-r--r-- 1 nobody wheel 0 Jul 8 2021 /var/db/locate.database
>> #v-
>
> This seems like a bug.

Indeed, it's even in the BUGS section in locate(1) :)

     The locate database is typically built by user “nobody” and the
     locate.updatedb(8) utility skips directories which are not readable
     for user “nobody”, group “nobody”, or world. For example, if your
     HOME directory is not world-readable, none of your files are in the
     database.

>>
>> So, takeaway is: There is no safe choice other than allocating a
>> dedicated UID for every single daemon, even if it doesn't need to
>> own/access any files? Is this really correct?
>
> This is clearly the right choice even if it's a bit of a pain.
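
Added example, not part of the original message and not FreeBSD's own tooling: the `find` check quoted above, generalized to list what a process running under a shared account such as `daemon` or `nobody` could modify below a directory. The function names `exposure_by_id` and `exposure_by_name` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): what could a daemon running under a
# shared account modify below ROOT? Output is one "reason<TAB>path" per line.

# exposure_by_id ROOT UID GID
#   owner        path is owned by UID; the owner can always chmod it, so the
#                mode bits do not protect it
#   group-write  path belongs to GID, has the group-write bit set, and is
#                owned by a different user
exposure_by_id() {
    root=$1 uid=$2 gid=$3
    find "$root" -xdev -user "$uid" \
        -exec printf 'owner\t%s\n' {} +
    # Symlink mode bits are not meaningful, so skip them here.
    find "$root" -xdev ! -type l ! -user "$uid" -group "$gid" -perm -020 \
        -exec printf 'group-write\t%s\n' {} +
}

# exposure_by_name ROOT ACCOUNT
#   Resolve ACCOUNT to its numeric UID and primary GID, then audit ROOT.
#   Returns 1 if the account does not exist.
exposure_by_name() {
    uid=$(id -u "$2") && gid=$(id -g "$2") || return 1
    exposure_by_id "$1" "$uid" "$gid"
}

# Typical use on a jail or base install (paths are assumptions):
#   exposure_by_name /var daemon
#   exposure_by_name /var nobody
```

An empty result for an account means nothing under that tree is controlled by it through ownership or primary-group write access; any line of output is a file a compromised daemon sharing that account could tamper with.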