On 11/08/2016 1:16 PM, Ngie Cooper wrote:
> On Aug 10, 2016, at 22:05, O. Hartmann <ohart...@zedat.fu-berlin.de> wrote:
>> I just checked the security scanning outputs of FreeBSD and found this
>> surprising result:
>>
>> [...]
>> Checking for passwordless accounts:
>> polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
>> pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin
>> saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
>> clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin
>> bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
>> [...]
>>
>> Obviously, some ports install accounts but do not secure them as there is an
>> empty password.
>>
>> I consider this not a feature, but a bug.
>
> saned is the only one that might concern me because the login shell isn't
> nologin(1).

but other tools use the password database.. e.g. ftp

> Cheers,
> -Ngie
_______________________________________________
freebsd-curr...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
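The check discussed in this thread, as an added example that is not part of the original messages or of FreeBSD's own periodic scripts: it reads master.passwd-format lines and reports every entry with an empty password field, labelling each by its shell rather than skipping the nologin ones. The function names, the `LOGIN_SHELL`/`NOLOGIN_SHELL`/`MALFORMED` labels and the two `svc_*` sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. master.passwd field layout:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

audit_empty_passwords() {
    # stdin: master.passwd-format lines
    # stdout: "<name> <label> <shell>" for each entry with an empty password field
    awk -F: '
        /^#/ || /^$/ { next }                     # skip comments and blank lines
        NF != 10 { printf "%s MALFORMED -\n", $1; next }
        $2 == "" {
            # An empty shell field means the default shell, /bin/sh.
            shell = ($10 == "") ? "/bin/sh" : $10
            # The shell only matters to services that actually run it. The reply
            # in the thread points out that other tools (ftp is its example)
            # read the password database too, so nologin entries are reported
            # with their own label instead of being dropped.
            label = (shell ~ /\/nologin$/) ? "NOLOGIN_SHELL" : "LOGIN_SHELL"
            printf "%s %s %s\n", $1, label, shell
        }
    '
}

sample_entries() {
    # First five lines are the entries quoted in the thread; the two svc_*
    # lines are constructed for this example.
    cat <<'EOF'
polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin
pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin
saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh
clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin
bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
svc_locked:*:900:900::0:0:Constructed locked account:/nonexistent:/usr/sbin/nologin
svc_noshell::901:901::0:0:Constructed empty shell field:/nonexistent:
EOF
}

sample_entries | audit_empty_passwords
```

On a live system the same function can be fed the real password file (readable by root only); the usual remedy for a flagged service account is a `*` in the password field, as in the constructed `svc_locked` entry.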