startup error for pflogd

Remko Lodder remko at elvandar.org
Mon Jun 21 15:12:30 GMT 2004


Max and the rest,

Max Laier wrote:

> On Monday 21 June 2004 10:57, Michael Reifenberger wrote:
> 
>>Hi,
>>it seems pflogd requires a user "_pflogd" to work, which is not
>>installed by default under FreeBSD.
> 
> 
> Oh, I knew I forgot something :-\

We are all just human ;)

> 
> 
>>It seems OpenBSD is aggressively using "_<service>" users.
>>Is this something we should follow?
> 
> 
> I'll try to explain the reasoning behind this. If there are a zillion 
> processes all owned by nobody:nogroup and an attacker manages to obtain 
> control over one of them, the rest might be easy/easier prey. The evildoer 
> will have better chances to obtain critical resources and maybe root in the 
> end.
> 
> This might seem like OpenBSD/paranoia, but my opinion on it is: It's done so 
> why not port it over? It also helps to keep the diff down (which means less 
> work).

I am a YES voter for this one; less risk with each daemonized
process, which turns its privileges over to a lesser-privileged user
(startup as root, switching to _pflogd in this case), is something I
really prefer. It prevents potential damage to systems when someone does
something very evil :)

> 
> If there is no resistance against "yet another user", I will add _pflogd.

Again, you have my go :)

> 
> On a related note: OpenBSD also introduced an ioctl to lock a bpf-descriptor, 
> thus making it less valuable for a possible attacker. This is a sane thing 
> for long-running processes such as IDS or pflog and I am wondering if we 
> should port it. It's a simple enough thing and I will post diffs on -net 
> later.
> 

We (well, actually I think that _we_ can be concluded here ;) ) want to
secure FreeBSD as much as possible; while we don't totally freak out like
OpenBSD does sometimes (sorry, don't mean to hit some feet now), we can
adopt some changes in their system to ours, to make accessible devices
(applications behind ports (named?) but also handlers that have traffic
passing by (pflogd)) less risky to run ...


-- 
Kind regards,

Remko Lodder                   |remko at elvandar.org
Reporter DSINet                |remko at dsinet.org
Projectleader Mostly-Harmless  |remko at mostly-harmless.nl
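
The privilege drop discussed in this thread (start as root, switch to a dedicated account such as _pflogd), as an added C example that is not pflogd's code and was not posted on the list. The names drop_to_user() and enum drop_result are hypothetical; the function fails closed when the account is missing, which is the startup error reported above.

```c
/* Added example: permanent privilege drop to a dedicated service account.
 * drop_to_user() and enum drop_result are hypothetical names. */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_NO_USER, DROP_IS_ROOT, DROP_FAILED, DROP_REVERSIBLE };

enum drop_result
drop_to_user(const char *user)
{
	struct passwd *pw = getpwnam(user);

	if (pw == NULL)
		return DROP_NO_USER;	/* account not installed: fail closed */
	if (pw->pw_uid == 0 || pw->pw_gid == 0)
		return DROP_IS_ROOT;	/* a "service" account that is still root */

	/* Order matters: supplementary groups and gid while still root, uid last. */
	if (setgroups(1, &pw->pw_gid) == -1 || setgid(pw->pw_gid) == -1 ||
	    setuid(pw->pw_uid) == -1)
		return DROP_FAILED;

	/* Verify the drop cannot be undone and that every id really changed. */
	if (setuid(0) != -1 || seteuid(0) != -1)
		return DROP_REVERSIBLE;
	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
	    getgid() != pw->pw_gid || getegid() != pw->pw_gid)
		return DROP_REVERSIBLE;
	return DROP_OK;
}

int
main(int argc, char **argv)
{
	const char *user = argc > 1 ? argv[1] : "_pflogd";
	enum drop_result r = drop_to_user(user);

	if (r != DROP_OK) {
		fprintf(stderr, "cannot drop to %s (code %d), refusing to run\n", user, (int)r);
		return 1;
	}
	printf("running as uid %d\n", (int)getuid());
	return 0;
}
```

Any result other than DROP_OK should end the process, since a failed setuid() after a successful setgid() leaves it in a mixed state.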

