authordillon <dillon@FreeBSD.org>1998-12-01 21:19:49 +0000
committerdillon <dillon@FreeBSD.org>1998-12-01 21:19:49 +0000
commitdd3c1b5f96ce015028c6fef05c18b7afab991229 (patch)
tree2e9a5688156a459e1024e2580669edff39dc2b92
parentc4e01c66b0dce2d1c3e267d0a0af0fb936d2a2cb (diff)
Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjusted inetd.conf to run comsat and ntalk from the tty sandbox, and the (commented out) ident from the kmem sandbox. Note that it is necessary to give each group access its own uid to prevent programs running under a single uid from being able to gdb or otherwise mess with other programs (with different group perms) running under the same uid.
-rw-r--r--etc/group3
-rw-r--r--etc/inetd.conf8
-rw-r--r--etc/master.passwd3
3 files changed, 9 insertions, 5 deletions
diff --git a/etc/group b/etc/group
index f0cc540..6de3a75 100644
--- a/etc/group
+++ b/etc/group
@@ -1,4 +1,4 @@
-# $Id:$
+# $Id: group,v 1.17 1998/09/13 23:05:46 brian Exp $
#
wheel:*:0:root
daemon:*:1:daemon
@@ -13,6 +13,7 @@ man:*:9:
games:*:13:
staff:*:20:root
guest:*:31:root
+bind:*:53:
uucp:*:66:
xten:*:67:xten
dialer:*:68:
diff --git a/etc/inetd.conf b/etc/inetd.conf
index f058da6..899df7a 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -1,4 +1,4 @@
-# $Id: inetd.conf,v 1.30 1998/09/30 16:12:40 wosch Exp $
+# $Id: inetd.conf,v 1.31 1998/11/04 19:42:35 phk Exp $
#
# Internet server configuration database
#
@@ -12,8 +12,8 @@ finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#exec stream tcp nowait root /usr/libexec/rexecd rexecd
#uucpd stream tcp nowait root /usr/libexec/uucpd uucpd
#nntp stream tcp nowait usenet /usr/libexec/nntpd nntpd
-comsat dgram udp wait root /usr/libexec/comsat comsat
-ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
+comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
+ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
#tftp dgram udp wait nobody /usr/libexec/tftpd tftpd /tftpboot
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
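Review bot: comsat and ntalk now share the single uid `tty`, so the isolation the commit message describes holds between sandboxes but not between these two services; a fault in one can still signal or trace the other. If that is accepted, a comment above the two lines would record it, e.g. `# comsat/ntalk only need group tty to write to terminals; both run in the tty sandbox, not as root`. The `tty:tty` form relies on a `tty` group being defined in etc/group, which is outside the hunks shown here.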
#
@@ -67,7 +67,7 @@ ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
#
# example entry for the optional ident server
#
-#ident stream tcp wait root /usr/local/sbin/identd identd -w -t120
+#ident stream tcp wait kmem:kmem /usr/local/sbin/identd identd -w -t120
#
# example entry for the optional qmail MTA
#
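Review bot: Running identd as `kmem:kmem` removes root but presumably still leaves it able to read kernel memory through group kmem, so this sandbox limits integrity damage rather than disclosure. The example would be clearer if it said so, e.g. `# identd runs in the kmem sandbox: no root, but it can still read kernel memory; enable only if needed`. The entry stays commented out, so this is a documentation point only.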
diff --git a/etc/master.passwd b/etc/master.passwd
index fed210d..82d8359 100644
--- a/etc/master.passwd
+++ b/etc/master.passwd
@@ -3,9 +3,12 @@ toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/usr/guest/operator:/bin/csh
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
+tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
+kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
+bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
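Review bot: The new `tty` and `kmem` accounts use primary gid 65533 while `bind` gets its own gid 53, and nothing in the file records why; the privileged group is attached only by the `user:group` field of the service entry in inetd.conf. A short comment above the new entries would keep a later editor from reusing these uids for anything else, e.g. `# sandbox uids: one per privileged group, must own no files; the group is assigned by the service entry`. Whether gid 65533 is defined in etc/group is not visible in this diff and is worth confirming.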