tech-security: Re: Fix for PR security/8069: man(1) vulnerability

Subject: Re: Fix for PR security/8069: man(1) vulnerability
To: None <tech-security@netbsd.org>
From: Christoph Badura <bad@oreilly.de>
List: tech-security
Date: 07/26/1999 06:42:02

tv@pobox.com (Todd Vierling) writes:

>On Mon, 26 Jul 1999, matthew green wrote:
>: on second thoughts, using 'nobody' is kinda hoaky, being defined as
>: the "unauthorised root" user on NFS, this may actually provide more
>: access than you think...

>We need an account which means "not supposed to have any privileges", to
>which root may drop in some programs.  "noaccess", anyone?

daemon:daemon is there precisely for that purpose.
-- 
Christoph Badura					www.netbsd.org

	Anything that can be done in O(N) can be done in O(N^2).
	-- Ralf Schuettau (after looking at a particular piece of code)