Re: Privsep
From: Mike Hoskins (mike@adept.org)
Date: 12/10/02
- Next message: Kirk Bailey: "subscribe"
- Previous message: Mike Hoskins: "Re: (slightly OT) IPSec with dynamic IP"
- In reply to: Erick Mechler: "Re: Privsep"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Dec 2002 13:12:01 -0800 (PST) From: Mike Hoskins <mike@adept.org> To: freebsd-security@FreeBSD.ORG
On Tue, 10 Dec 2002, Erick Mechler wrote:
> Privsep is just an sshd thing right now.
<snip>
> As for running Apache as the www user, set
> User www
> Group www
<snip>
This is really the long-standing security premise of 'least privilege'.
<soapbox>
The funny thing is, historically, when people first started saying 'Gee,
we shouldn't run everything as root...' everybody started running things
as 'nobody'. (Hey, it's got low privilges!) Of course that essentially
made a nobody (operator, daemon, bin, etc.) compromise as valuable as a
root compromise.
</soapbox>
Now I think we all agree running daemons as unique users is a good and
relatively "common sense" practice... Just make sure you don't start
clumping too many services into any one user. Also, take care to ensure
that the users running your pocesses (should someone gain that privilege
level) cannot read sensitive data owned by other users running critical
services, etc. Mass acceptance of chroot() is making this much simpler,
but can obviously have it's own problems as well.
-- Mike Hoskins This message is RFC 1855 compliant, mike@adept.org www.adept.org/~mike/pub/rfcs/rfc1855.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Kirk Bailey: "subscribe"
- Previous message: Mike Hoskins: "Re: (slightly OT) IPSec with dynamic IP"
- In reply to: Erick Mechler: "Re: Privsep"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
