Subject: Re: Fix for PR security/8069: man(1) vulnerability
To: None <tech-security@netbsd.org>
From: Simon Burge <simonb@netbsd.org>
List: tech-security
Date: 07/26/1999 14:47:34

Christoph Badura wrote:

> tv@pobox.com (Todd Vierling) writes:
> 
> >On Mon, 26 Jul 1999, matthew green wrote:
> >: on second thoughts, using 'nobody' is kinda hokey, being defined as
> >: the "unauthorised root" user on NFS, this may actually provide more
> >: access than you think...
> 
> >We need an account which means "not supposed to have any privileges", to
> >which root may drop in some programs.  "noaccess", anyone?
> 
> daemon:daemon is there precisely for that purpose.

Some things are user and/or group daemon - don't we want something
that _no_ file or directory is owned by?

	balrog:~ 5280> grep daemon /NetBSD/src/etc/mtree/NetBSD.dist
	msgs            uname=daemon
	lock            uname=uucp gname=daemon
	uucp            uname=uucp gname=daemon
	uucppublic      uname=uucp gname=daemon mode=01777

Simon.
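
Added example, not part of the original message: a plain grep only matches lines that name the account explicitly, while mtree(8) specs can also assign ownership through `/set` defaults. This sketch walks a spec and lists every entry whose effective owner or group is the candidate account; the helper name `mtree_owned_by` and the sample spec are constructed for illustration.

```shell
# Added example (hypothetical helper name): list mtree(8) spec entries whose
# effective uname or gname is ACCOUNT. Usage: mtree_owned_by ACCOUNT < spec
mtree_owned_by() {
    awk -v who="$1" '
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    $1 == "/set" {                           # new defaults for later entries
        for (i = 2; i <= NF; i++) {
            p = index($i, "=")
            def[substr($i, 1, p - 1)] = substr($i, p + 1)
        }
        next
    }
    $1 == "/unset" { for (i = 2; i <= NF; i++) delete def[$i]; next }
    $1 == ".."     { if (depth > 0) depth--; next }   # leave current directory
    {
        u = def["uname"]; g = def["gname"]; t = def["type"]
        for (i = 2; i <= NF; i++) {          # per-entry keywords override defaults
            p = index($i, "="); k = substr($i, 1, p - 1); v = substr($i, p + 1)
            if (k == "uname") u = v
            if (k == "gname") g = v
            if (k == "type")  t = v
        }
        full = (index($1, "/") > 0)          # names containing "/" are full paths
        path = ""
        if (!full) for (i = 1; i <= depth; i++) path = path dir[i] "/"
        path = path $1
        if (u == who || g == who) printf "%s uname=%s gname=%s\n", path, u, g
        if (t == "dir" && !full) dir[++depth] = $1
    }'
}
# Constructed sample spec (not the real NetBSD.dist).
SAMPLE_SPEC='/set type=dir uname=root gname=wheel mode=0755
.
var
msgs uname=daemon
..
spool
/set gname=daemon
lock uname=uucp
..
uucp uname=uucp
..
/set gname=wheel
ftp
..
..
..
./var/run/example type=file gname=daemon'
printf '%s\n' "$SAMPLE_SPEC" | mtree_owned_by daemon
```

An account suitable for dropping privileges to should produce no output here, and the same check is worth repeating against the live filesystem, since the spec only describes what the distribution installs.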