startup error for pflogd

[Charles Swiger]

On Jun 21, 2004, at 10:39 AM, Max Laier wrote:
> On Monday 21 June 2004 10:57, Michael Reifenberger wrote:
>> As it seems is OpenBSD aggressivly using "_<service>" users.
>> Is this something we should follow?
>
> I'll try to explain the reasoning behind this. If there are a zillion
> processes all owned by nobody:nogroup and an attacker manages to obtain
> control over one of them, the rest might be easy/easier prey. The 
> evildoer
> will have better chances to obtain critical resources and maybe root 
> in the
> end.

Certainly it's a good idea to run different services under seperate 
users where possible, for exactly the reasons you describe: it helps 
reduce the window of vulnerability if one service is compromised.

However, please note that no processes should be running as nobody, nor 
should any files be owned by nobody.  'nobody' exists so that NFS can 
map unknown and/or untrusted remote root users to a safe UID which is 
not used anywhere else in the system.  Using 'nobody' for other 
purposes can be risky.

-- 
-Chuck