startup error for pflogd

Michael Reifenberger mike at
Mon Jun 21 15:03:25 GMT 2004

On Mon, 21 Jun 2004, Max Laier wrote:
> I'll try to explain the reasoning behind this. If there are a zillion
> processes all owned by nobody:nogroup and an attacker manages to obtain
> control over one of them, the rest might be easy/easier prey. The evildoer
> will have better chances to obtain critical resources and maybe root in the
> end.
> This might seem like OpenBSD/paranoia, but my opinion on it is: It's done so
> why not port it over? It also helps to keep the diff down (which means less
> work).

Wouldn't it make sense to add all _<service> users at once then?

Michael Reifenberger, Business Development Manager SAP-Basis, Plaut Consulting
Comp: Michael.Reifenberger at | Priv: Michael at           |

More information about the freebsd-current mailing list