To be a new DFly committer
Grzegorz Błach
grzela at seculture.com
Fri Mar 16 10:10:43 PDT 2007
On 16-03-2007, Fri at 17:45 +0100, Joerg Sonnenberger wrote:
> > c) add support for openwall tcb - the alternative to shadow (with pam
> > module) which is more secure than pam_unix and pam_pwdb, because tools
> > like 'passwd' or 'chage' don't need SUID, instead they use SGID 'shadow'.
> > Group 'auth' may be used for read-only access to all password hashes.
>
> HAHA. This is a good one. It is more secure to not run tools which
> manipulate the password db as root? If I can control any of these tools
> to execute code with sgid shadow, I can just manipulate the root record
> anyway. Sorry to be harsh.
>
> Joerg
>
When you do a buffer overflow in passwd you can exec any code with root privileges,
but with tcb you must change the root password to run code with root privileges,
and the administrator will see this faster.