Re: tcb - the alternative to shadow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 24 Aug 2006, Neal Becker wrote:

> Ralf Ertzinger wrote:
> 
> > Hi.
> > 
> > On Thu, 24 Aug 2006 11:04:26 -0400, Neal Becker wrote:
> > 
> >> http://www.openwall.com/presentations/Owl/mgp00020.html
> > 
> > Hmmm. What is the advantage of this scheme? The first disadvantage
> > that springs to my mind is that any attacker that gains user privileges
> > (browser bug or whatever) can suddenly change the user password.
> > 
> 
> How is that a disadvantage, compared to existing systems?  With previous
> systems, if you gain user priv you can also change user password.  I think
> the idea of tcb is that's all you can do.  No suid root stuff is used. 
> (Honestly, I don't know much about tcb - I just thought it might be of
> interest)

I think Ralf was thinking that tcb would permit something conceptually 
along the lines of

$ vi /etc/tcb/`id -un`/shadow

to change your existing passwd w/o having to know it

The permissions on /etc/tcb should prevent that though -- only an sgid 
shadow app (the passwd command) can be used....

later,
chris

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux