DragonFly users List (threaded) for 2007-03
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
grzela@seculture.com wrote:
Yes, I read the docs and I think this is a quite nice and simple scheme to restrict access and to get rid of a couple of setuid root binaries. We definitely should discuss this. I'm not talking about integrating the sources because I suspect they are GPL, but about the principle itself.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: To be a new DFly commiter
| From: | "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx> |
| Date: | Sat, 17 Mar 2007 00:05:20 +0100 |
grzela@seculture.com wrote:
c) add support for openwall tcb - the alternative to shadow (with pam module) which is more secure than pam_unix and pam_pwdb, because tools like 'passwd' or 'chage' don't neet SUID, instead it use SGID 'shadow'. Group 'auth' may be used to read-only access to all password hashes.I am not convinced that this improves security. Could you please detail your security considerations? My point is: current tools have been exposed to security audit for over 20 years now, so unless something else is conceptually more secure, chances are high that we should stick with the original system.I made a mistake in this point, SGID shadow can only read users list (can not read/write passwords). SGID auth can read passwords, but can not write it. Every user have its own shadow file whitch is owned by this user. Write to user's shadow file can only this user or root. There is not required SUID root for passwd and related tools. For more you can read on http://openwall.com/tcb/.
Yes, I read the docs and I think this is a quite nice and simple scheme to restrict access and to get rid of a couple of setuid root binaries. We definitely should discuss this. I'm not talking about integrating the sources because I suspect they are GPL, but about the principle itself.
Short for everybody too lazy to read: master.passwd is being split into single per-user files. these are located in per-user dirs with mode $user:auth 710 and the files $user:auth 640. this way only root+user can change the files and therefore the password. only root+user+group auth can read/check the password. don't know about chsh(1) etc.
cheers simon
-- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Attachment:
signature.asc
Description: OpenPGP digital signature
- Follow-Ups:
- Re: To be a new DFly commiter
- From: Grzegorz Błach <grzela@seculture.com>
- Re: To be a new DFly commiter
- From: "Justin C. Sherrill" <justin@shiningsilence.com>
- Re: To be a new DFly commiter
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: To be a new DFly commiter
- References:
- To be a new DFly commiter
- From: Grzegorz Błach <grzela@seculture.com>
- Re: To be a new DFly commiter
- From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>
- Re: Re: To be a new DFly commiter
- From: grzela@seculture.com
- To be a new DFly commiter
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]