Passwordless accounts vi ports!
Ngie Cooper
yaneurabeya at gmail.com
Thu Aug 11 05:16:49 UTC 2016
> On Aug 10, 2016, at 22:05, O. Hartmann <ohartman at zedat.fu-berlin.de> wrote:
>
> I just checked the security scanning outputs of FreeBSD and found this
> surprising result:
>
> [...]
> Checking for passwordless accounts:
> polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
> pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin
> saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
> clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin
> bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
> [...]
>
> Obviously, some ports install accounts but do not secure them as there is an
> empty password.
>
> I consider this not a feature, but a bug.
saned is the only one that might concern me because the login shell isn't nologin(1).
Cheers,
-Ngie
More information about the freebsd-ports
mailing list