Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.
Note that it is necessary to give each group access it's own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.
This commit is contained in:
Matthew Dillon
parent
386794da12
commit
ac48aa416a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=41441
@ -1,4 +1,4 @@
|
||||
# $Id:$
|
||||
# $Id: group,v 1.17 1998/09/13 23:05:46 brian Exp $
|
||||
#
|
||||
wheel:*:0:root
|
||||
daemon:*:1:daemon
|
||||
@ -13,6 +13,7 @@ man:*:9:
|
||||
games:*:13:
|
||||
staff:*:20:root
|
||||
guest:*:31:root
|
||||
bind:*:53:
|
||||
uucp:*:66:
|
||||
xten:*:67:xten
|
||||
dialer:*:68:
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# $Id: inetd.conf,v 1.30 1998/09/30 16:12:40 wosch Exp $
|
||||
# $Id: inetd.conf,v 1.31 1998/11/04 19:42:35 phk Exp $
|
||||
#
|
||||
# Internet server configuration database
|
||||
#
|
||||
@ -12,8 +12,8 @@ finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
|
||||
#exec stream tcp nowait root /usr/libexec/rexecd rexecd
|
||||
#uucpd stream tcp nowait root /usr/libexec/uucpd uucpd
|
||||
#nntp stream tcp nowait usenet /usr/libexec/nntpd nntpd
|
||||
comsat dgram udp wait root /usr/libexec/comsat comsat
|
||||
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
|
||||
comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
|
||||
ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
|
||||
#tftp dgram udp wait nobody /usr/libexec/tftpd tftpd /tftpboot
|
||||
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
|
||||
#
|
||||
@ -67,7 +67,7 @@ ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
|
||||
#
|
||||
# example entry for the optional ident server
|
||||
#
|
||||
#ident stream tcp wait root /usr/local/sbin/identd identd -w -t120
|
||||
#ident stream tcp wait kmem:kmem /usr/local/sbin/identd identd -w -t120
|
||||
#
|
||||
# example entry for the optional qmail MTA
|
||||
#
|
||||
|
||||
@ -3,9 +3,12 @@ toor:*:0:0::0:0:Bourne-again Superuser:/root:
|
||||
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
|
||||
operator:*:2:5::0:0:System &:/usr/guest/operator:/bin/csh
|
||||
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
|
||||
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
|
||||
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
|
||||
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
|
||||
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
|
||||
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
|
||||
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
|
||||
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
|
||||
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
|
||||
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
|
||||
|
||||
Loading…
Reference in New Issue
Block a user