Passwordless accounts vi ports!

Mathieu Arnold mat at
Thu Aug 11 09:27:01 UTC 2016

+--On 11 août 2016 07:05:05 +0200 "O. Hartmann"
<ohartman at> wrote:
| I just checked the security scanning outputs of FreeBSD and found this
| surprising result:
| [...]
| Checking for passwordless accounts:
| polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
| pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin
| saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
| clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin
| bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
| [...]
| Obviously, some ports install accounts but do not secure them as there is
| an empty password.
| I consider this not a feature, but a bug.

Mmmm, I rewrote the user/group creation thingie a few months back, a bug
may have crept in, I'll have a look at it today.

Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL: <>

More information about the freebsd-current mailing list