On Fri, Aug 08, 2008 at 04:27:52PM -0400, James Carlson wrote:
> Glenn Brunette writes:
> > That is a non-starter for many of our customers who are looking for
> > unique credentials for each of their services -- especially those
> > that may be running under the same OS instance/zone. Not only does
> > this help with accountability (syslog and audit) but having unique
> > credentials will also help contain a compromise should one
> > (unprivileged) service be exploited. If you were running apache and
> > mysql (for example) as the same UID, a flaw (w/arbitrary code execution)
> > in one could lead to the direct compromise of the other running service.
> > Taking away proc_session from each service could help with this however.
>
> Yes, I think LP is a better answer for limiting damage due to code
> flaws.

But it's less obvious. Not that LP shouldn't also be applied, just that
it's easier to analyze "runs as new account and with least priv
[details...]" than "runs as no access and with least priv [details...]."

Any solution that gets us more reserved IDs would be welcome. If Ceri is
right then simply raising the current limit -- the easiest way out --
won't be pleasant. This all requires more research. But it's not this
case.

Where should we move this discussion?

Nico
--