Add a _file user and use for privsep, ok deraadt

2025-01-10 06:47:55 -08:00 · 2015-04-27 13:48:06 +00:00 · 2015-04-27 13:48:06 +00:00 · b4aeb3879d
commit b4aeb3879d
parent 8d974f085b
4 changed files with 6 additions and 3 deletions
--- a/etc/group
+++ b/etc/group
@ -61,6 +61,7 @@ _ldapd:*:100:
 _iked:*:101:
 _iscsid:*:102:
 _smtpq:*:103:
+_file:*:104:
 dialer:*:117:
 nogroup:*:32766:
 nobody:*:32767:
--- a/etc/mail/aliases
+++ b/etc/mail/aliases
@ -1,5 +1,5 @@
 #
-#	$OpenBSD: aliases,v 1.47 2014/09/20 09:59:52 ajacoutot Exp $
+#	$OpenBSD: aliases,v 1.48 2015/04/27 13:48:06 nicm Exp $
 #
 #  Aliases in this file will NOT be expanded in the header from
 #  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
@ -24,6 +24,7 @@ www:	root
 _bgpd: /dev/null
 _dhcp: /dev/null
 _dvmrpd: /dev/null
+_file: /dev/null
 _fingerd: /dev/null
 _ftp: /dev/null
 _hostapd: /dev/null
--- a/etc/master.passwd
+++ b/etc/master.passwd
@ -44,4 +44,5 @@ _ldapd:*:100:100::0:0:LDAP Daemon:/var/empty:/sbin/nologin
 _iked:*:101:101::0:0:IKEv2 Daemon:/var/empty:/sbin/nologin
 _iscsid:*:102:102::0:0:iSCSI Daemon:/var/empty:/sbin/nologin
 _smtpq:*:103:103::0:0:SMTP Daemon:/var/empty:/sbin/nologin
+_file:*:104:104::0:0:file privsep:/var/empty:/sbin/nologin
 nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin
--- a/usr.bin/file/file.h
+++ b/usr.bin/file/file.h
@ -1,4 +1,4 @@
-/* $OpenBSD: file.h,v 1.27 2015/04/27 13:41:45 nicm Exp $ */
+/* $OpenBSD: file.h,v 1.28 2015/04/27 13:48:06 nicm Exp $ */

 /*
 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@ -23,7 +23,7 @@
 #define FILE_READ_SIZE (256 * 1024)

 /* User to drop privileges to in child process. */
-#define FILE_USER "nobody"
+#define FILE_USER "_file"

 /* text.c */
 const char	*text_get_type(const void *, size_t);