Ralf Ertzinger wrote: > Hi. > > On Thu, 24 Aug 2006 11:04:26 -0400, Neal Becker wrote: > >> http://www.openwall.com/presentations/Owl/mgp00020.html > > Hmmm. What is the advantage of this scheme? The first disadvantage > that springs to my mind is that any attacker that gains user privileges > (browser bug or whatever) can suddenly change the user password. > How is that a disadvantage, compared to existing systems? With previous systems, if you gain user priv you can also change user password. I think the idea of tcb is that's all you can do. No suid root stuff is used. (Honestly, I don't know much about tcb - I just thought it might be of interest) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
