Re: Unprivileged default user for "tiny" daemons?

From: Felix Palmen <zirias_at_FreeBSD.org>
Date: Tue, 09 May 2023 15:28:20 UTC
* Shawn Webb <shawn.webb@hardenedbsd.org> [20230509 11:16]:
> Is there a reason to use a UID below 1000? Why not let `pw` set the
> UID/GID for you upon creation of the account?

That's what's traditionally reserved for system/service UIDs. And
FreeBSD ports use a fixed mapping (see the files UIDs and GIDs in the
root of the ports tree), which is nice and simple and effectively
prevents accidental UID reuse when uninstalling one service and
installing a different one ...

> Dedicating a UID/GID to each daemon limits what an attacker can do,
> not just from a filesystems perspective, but from the perspective of
> other resources, too. One must remember that debugging facilities like
> PTrace and procfs exist and can be (and are) abused for
> post-exploitation activities.

That's actually a very good point I didn't consider, thanks for the
hint! For my own port, I already shaped a commit moving it to a
dedicated UID by default, will push it soon. For all the others using
'nobody' right now, we should probably do a cleanup.

Cheers, Felix

-- 
 Felix Palmen <zirias@FreeBSD.org>     {private}   felix@palmen-it.de
 -- ports committer (mentee) --            {web}  http://palmen-it.de
 {pgp public key}  http://palmen-it.de/pub.txt
 {pgp fingerprint} 6936 13D5 5BBF 4837 B212  3ACC 54AD E006 9879 F231
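The point raised above is easy to audit: if several daemons run under one shared account such as `nobody`, they share the same UID and so fall into the same ptrace/procfs trust domain. The following shell script is an added example for this thread, not code posted by either author or taken from the ports tree. It runs two checks over constructed sample data: it reports UIDs shared by more than one distinct daemon command (input in the shape of `ps -axo uid,user,comm`), and it checks whether a candidate fixed UID is already taken in a passwd-style file excerpt shaped like the ports tree's `UIDs` file. The sample `ps` output, the daemon names `sometinyd` and `anothertinyd`, and the `UIDs` excerpt are constructed; on a real host you would feed in the live `ps` output and the real `UIDs` file.

```shell
#!/bin/sh
# Added example (not from the thread): find daemons that share a UID, and
# check whether a proposed fixed UID is still free.

# Constructed sample in the shape of `ps -axo uid,user,comm` on FreeBSD.
SAMPLE_PS='UID   USER   COMMAND
0     root   init
65534 nobody sometinyd
65534 nobody anothertinyd
65534 nobody memcached
88    mysql  mysqld
70    pgsql  postgres'

# Constructed excerpt in the passwd-like format of ports/UIDs
# (name:*:uid:gid::0:0:comment:home:shell).
SAMPLE_UIDS_FILE='bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
pgsql:*:70:70::0:0:PostgreSQL pseudo-user:/var/db/postgres:/bin/sh
mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/usr/sbin/nologin'

# shared_uid_report PS_TEXT
#   Prints one line per UID that is used by more than one distinct daemon
#   command name: "UID USER COUNT cmd1,cmd2,...". Processes under such a UID
#   can inspect each other via ptrace/procfs, so each line is a candidate for
#   a dedicated service account.
shared_uid_report() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        key = $1 " " $2
        if (!(($1, $3) in seen)) {       # count each command name once per UID
            seen[$1, $3] = 1
            count[key]++
            cmds[key] = (cmds[key] == "" ? $3 : cmds[key] "," $3)
        }
    }
    END {
        for (k in count) if (count[k] > 1) print k, count[k], cmds[k]
    }' | sort -n
}

# uid_is_free UID UIDS_FILE_TEXT
#   Exit status 0 if no entry in the given passwd-style text uses UID,
#   1 otherwise. Run it against both the ports UIDs file and /etc/passwd
#   before hard-coding a fixed UID for a new port.
uid_is_free() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$3 == u { found = 1 }
        END { exit found ? 1 : 0 }'
}

# Stand-alone run over the constructed data.
echo "UIDs shared by several daemons:"
shared_uid_report "$SAMPLE_PS"
for uid in 53 999; do
    if uid_is_free "$uid" "$SAMPLE_UIDS_FILE"; then
        echo "UID $uid is free"
    else
        echo "UID $uid is already allocated"
    fi
done
```

The report only tells you which daemons share a trust domain; whether an unprivileged process may actually attach to another process of the same UID is additionally governed on FreeBSD by the `security.bsd.unprivileged_proc_debug` sysctl, so checking that value alongside the report gives the full picture.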