Passwordless accounts vi ports!
Mathieu Arnold
mat at FreeBSD.org
Thu Aug 11 13:17:57 UTC 2016
+--On 11 août 2016 11:26:58 +0200 Mathieu Arnold <mat at FreeBSD.org> wrote:
|
|
| +--On 11 août 2016 07:05:05 +0200 "O. Hartmann"
| <ohartman at zedat.fu-berlin.de> wrote:
|| I just checked the security scanning outputs of FreeBSD and found this
|| surprising result:
||
|| [...]
|| Checking for passwordless accounts:
|| polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
|| pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin
|| saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
|| clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin
|| bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
|| [...]
||
|| Obviously, some ports install accounts but do not secure them as there is
|| an empty password.
||
|| I consider this not a feature, but a bug.
|
| Mmmm, I rewrote the user/group creation thingie a few months back, a bug
| may have crept in, I'll have a look at it today.
I've tested things on 9, 10 and 11, I can't reproduce that.
--
Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20160811/8465add9/attachment.sig>
More information about the freebsd-ports
mailing list