Date: Tue, 9 May 2023 10:26:27 +0200
From: Felix Palmen
To: ports@freebsd.org
Subject: Re: Unprivileged default user for "tiny" daemons?

* Brooks Davis [20230509 08:11]:
> On Tue, May 09, 2023 at 10:05:15AM +0200, Felix Palmen wrote:
> > * Felix Palmen [20230508 18:39]:
> > So, takeaway is: There is no safe choice other than allocating a
> > dedicated UID for every single daemon, even if it doesn't need to
> > own/access any files? Is this really correct?
>
> This is clearly the right choice even it's a bit of a pain.

Thanks for confirming.
Well, my concern wasn't the hassle to actually do that, but more the
confusion created by the comment on top of UIDs, and also the fact that
this seems to be a "waste" of precious "uid space" below 1000 if you
don't need any file permissions...

But seems there's indeed no immediate solution here :(

Cheers, Felix

-- 
 Felix Palmen                      {private} felix@palmen-it.de
 -- ports committer (mentee) --    {web} http://palmen-it.de
 {pgp public key} http://palmen-it.de/pub.txt
 {pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231