squid,
samba startup scripts fail to run from base system rcorder
Timur I. Bakeyev
timur at gnu.org
Thu Dec 22 19:52:01 PST 2005
On Thu, Dec 22, 2005 at 12:44:42PM -0800, Brooks Davis wrote:
>
> The values of these comments have no impact on RELENG_5 because rcorder
> is never run on these scripts there. As a rule, servers that don't run
> things as individual users should "# REQUIRE: DAEMON" and those that do
> run things as individual users should "# REQUIRE: LOGIN". After LOGIN
> it should be safe for users to log in. Currently, there's a bug in the
> dependency order in that secure level comes after LOGIN and by design
> it's supposed to come before. This represents a potentially exploitable
> race.
>
> About the only service I can think of that might come before DAEMON
> is an LDAP or similar service that is used to provide local accounts for
> other services. On the whole, that probably shouldn't be the default
> even for such services.
Add here Samba as well or, more exactly, windbindd daemon - it also acts
as nsswitch provider. So, it should fit into the first category.
With regards,
Timur Bakeyev.
More information about the freebsd-ports
mailing list