On Thu, Aug 24, 2006 at 11:43:40AM -0400, Chris Ricker wrote: > On Thu, 24 Aug 2006, Neal Becker wrote: > > > Ralf Ertzinger wrote: > > > > > Hi. > > > > > > On Thu, 24 Aug 2006 11:04:26 -0400, Neal Becker wrote: > > > > > >> http://www.openwall.com/presentations/Owl/mgp00020.html > > > > > > Hmmm. What is the advantage of this scheme? The first disadvantage > > > that springs to my mind is that any attacker that gains user privileges > > > (browser bug or whatever) can suddenly change the user password. > > > > > > > How is that a disadvantage, compared to existing systems? With previous > > systems, if you gain user priv you can also change user password. I think > > the idea of tcb is that's all you can do. No suid root stuff is used. > > (Honestly, I don't know much about tcb - I just thought it might be of > > interest) > > I think Ralf was thinking that tcb would permit something conceptually > along the lines of > > $ vi /etc/tcb/`id -un`/shadow > > to change your existing passwd w/o having to know it > > The permissions on /etc/tcb should prevent that though -- only an sgid > shadow app (the passwd command) can be used.... It's not a bad idea it's probably unlikely that the existing suid passwd has any security problems but you never know. On the other hand many people (probably everyone who has more than a couple machines) can just remove the suid bit from passwd right now without any problems since most likely all their passwords live in kerberos/ldap/nis already. Kostas -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
