Date: Tue, 9 May 2023 17:28:20 +0200
From: Felix Palmen <zirias@FreeBSD.org>
To: ports@freebsd.org
Subject: Re: Unprivileged default user for "tiny" daemons?
Message-ID: <5p75fgvxjde4tm3tc2ui5jrhnc6ffxvijgfedcjvaklb3musjm@gwrgr6h7yr5n>
In-Reply-To: <20230509151638.a7oc4os62lilhlkr@mutt-hbsd>
References: <7pvzx7x54djblto5nvepsbz5c76xhv2j6zssq7s7pvsjmvypde@jxxnzexifuvo> <20230509151638.a7oc4os62lilhlkr@mutt-hbsd>
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
Organization: FreeBSD.org

* Shawn Webb [20230509 11:16]:
> Is there a reason to use a UID below 1000? Why not let `pw` set the
> UID/GID for you upon creation of the account?

That's what's traditionally reserved for system/service UIDs.
And FreeBSD ports use a fixed mapping (see the files UIDs and GIDs in the
root of the ports tree), which is nice and simple and effectively prevents
accidental UID reuse when uninstalling one service and installing a
different one ...

> Dedicating a UID/GID to each daemon limits what an attacker can do,
> not just from a filesystems perspective, but from the perspective of
> other resources, too. One must remember that debugging facilities like
> PTrace and procfs exist and can be (and are) abused for
> post-exploitation activities.

That's actually a very good point I didn't consider, thanks for the hint!

For my own port, I already shaped a commit moving it to a dedicated UID by
default, will push it soon. For all the others using 'nobody' right now, we
should probably do a cleanup.

Cheers, Felix

-- 
 Felix Palmen {private} felix@palmen-it.de
 -- ports committer (mentee) --
 {web} http://palmen-it.de
 {pgp public key} http://palmen-it.de/pub.txt
 {pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231
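The rules the thread converges on (a dedicated UID per daemon in the system range below 1000, never the shared 'nobody' account, and no collision with an entry already in the ports tree's fixed mapping) as an added example; this is not code from the thread or from the ports framework. It assumes the UIDs file uses the master.passwd line layout (name:*:uid:gid:class:change:expire:gecos:home:shell), operates on a constructed sample rather than the real file, and the function names (uid_of, owner_of_uid, duplicate_uids, check_new_account) are the example's own.

```sh
#!/bin/sh
# Added example, not part of the mailing-list thread or the ports tree.
# Sanity-checks a ports-style UIDs mapping before a new daemon account is
# assigned a fixed UID. Assumed layout: master.passwd style, one entry per
# line, '#' comments allowed. The sample below is constructed for this example.
set -u

SAMPLE_UIDS=$(cat <<'EOF'
# constructed sample in master.passwd layout
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
git_daemon:*:964:964::0:0:git daemon:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
EOF
)

# Print the UID recorded for account $1 in the mapping read on stdin
# (prints nothing if the account is absent).
uid_of() {
    awk -F: -v n="$1" '!/^#/ && $1 == n { print $3; exit }'
}

# Print the account name that already owns UID $1 (nothing if the UID is free).
owner_of_uid() {
    awk -F: -v u="$1" '!/^#/ && $3 == u { print $1; exit }'
}

# List UIDs that occur more than once: the accidental reuse a fixed mapping
# is meant to prevent, surfaced if someone edits the file by hand.
duplicate_uids() {
    awk -F: '!/^#/ { c[$3]++ } END { for (u in c) if (c[u] > 1) print u }' | sort -n
}

# Decide whether a proposed dedicated account ($1 = name, $2 = UID) is
# acceptable against the sample mapping. Return 0 when it is; otherwise
# print the reason on stderr and return a distinct non-zero code.
check_new_account() {
    name=$1
    uid=$2
    if [ "$name" = "nobody" ] || [ "$uid" -eq 65534 ]; then
        echo "refuse: 'nobody' is shared by every daemon that uses it" >&2
        return 1
    fi
    if [ "$uid" -ge 1000 ]; then
        echo "refuse: UID $uid is outside the system/service range (< 1000)" >&2
        return 2
    fi
    existing=$(printf '%s\n' "$SAMPLE_UIDS" | owner_of_uid "$uid")
    if [ -n "$existing" ] && [ "$existing" != "$name" ]; then
        echo "refuse: UID $uid already belongs to '$existing'" >&2
        return 3
    fi
    return 0
}

# Stand-alone usage: report duplicates in the mapping, then vet a candidate.
printf '%s\n' "$SAMPLE_UIDS" | duplicate_uids
check_new_account mydaemon 965 && echo "mydaemon:965 is acceptable"
```

Feeding the real UIDs file instead of the sample means replacing SAMPLE_UIDS with `cat /usr/ports/UIDs`; the same checks apply to the GIDs file by reading field 3 of that file with owner_of_uid.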