Passwordless accounts vi ports!

O. Hartmann ohartman at
Thu Aug 11 05:05:15 UTC 2016

I just checked the security scanning outputs of FreeBSD and found this
surprising result:

Checking for passwordless accounts:
polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin
saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin
bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin

Obviously, some ports install accounts but do not secure them as there is an
empty password.

I consider this not a feature, but a bug.


More information about the freebsd-current mailing list