DragonFly users List (threaded) for 2007-03
DragonFly BSD

Re: To be a new DFly commiter


From: Grzegorz Błach <grzela@xxxxxxxxxxxxx>
Date: Fri, 16 Mar 2007 18:07:07 +0100

On Fri, 16-03-2007 at 17:45 +0100, Joerg Sonnenberger wrote:
> > c) add support for openwall tcb - the alternative to shadow (with pam
> > module) which is more secure than pam_unix and pam_pwdb, because tools
> > like 'passwd' or 'chage' don't need SUID, instead they use SGID 'shadow'.
> > Group 'auth' may be used for read-only access to all password hashes.
> 
> HAHA. This is a good one. It is more secure to not run tools which
> manipulate the password db as root? If I can control any of these tools
> to execute code with sgid shadow, I can just manipulate the root record
> anyway. Sorry to be harsh.
>
> Joerg
> 

When you do a buffer overflow in passwd you can exec any code with root privileges,
but with tcb you must change the root password to run code with root privileges,
and the administrator will see this faster.


