+--On 11 août 2016 11:26:58 +0200 Mathieu Arnold <m...@freebsd.org> wrote: | | | +--On 11 août 2016 07:05:05 +0200 "O. Hartmann" | <ohart...@zedat.fu-berlin.de> wrote: || I just checked the security scanning outputs of FreeBSD and found this || surprising result: || || [...] || Checking for passwordless accounts: || polkitd::565:565::0:0:Polkit Daemon User:/var/empty:/usr/sbin/nologin || pulse::563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin || saned::194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh || clamav::106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin || bacula::910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin || [...] || || Obviously, some ports install accounts but do not secure them as there is || an empty password. || || I consider this not a feature, but a bug. | | Mmmm, I rewrote the user/group creation thingie a few months back, a bug | may have crept in, I'll have a look at it today.
I've tested things on 9, 10 and 11, I can't reproduce that. -- Mathieu Arnold
pgpZ5IL0L1S4l.pgp
Description: PGP signature
