startup error for pflogd
Will Andrews
will at csociety.org
Mon Jun 21 16:17:30 GMT 2004
On Mon, Jun 21, 2004 at 04:39:10PM +0200, Max Laier wrote:
> I'll try to explain the reasoning behind this. If there are a zillion
> processes all owned by nobody:nogroup and an attacker manages to obtain
> control over one of them, the rest might be easy/easier prey. The evildoer
> will have better chances to obtain critical resources and maybe root in the
> end.
I think this is a good approach. In fact, that's what I do on my
public mirror servers, i.e. allocate dedicated users for specific
tasks to eliminate privilege escalation through them.
Regards,
--
wca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040621/753b14a8/attachment.bin
More information about the freebsd-current
mailing list