Date: Mon, 3 Nov 1997 10:29:02 -0800 (PST)
From: Tom
To: Eivind Eklund
cc: hackers@freebsd.org
Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources)

On Mon, 3 Nov 1997, Eivind Eklund wrote:

> > > Is it restricted to only let a user check his own password? Or could
> > > we make it only check a user's own password fairly easily?
> >
> > How would that be useful?
>
> Security. If a user can check other people's passwords, he can
> brute-force passwords. If he can't, he can't. :-)

Who said that they could? The pwcheck daemon only allows specific users to check passwords.

This is much better. In your scheme, only a process running as user xyz can check the password for xyz. However, how did the process get to run as xyz? Probably a root process doing a setuid(). The pwcheck scheme does not require _anything_ to run as root.

See my web server example. Web servers typically run as a "www" user. Using pwcheck, I can allow the "www" user to verify passwords. In your scheme, I would have to let the web server run as root, in order to setuid() to a user, and then check the password.

> Eivind.

Tom
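The access rule discussed in this message, as an added sketch that is not part of the original post and is not pwcheck's own code: a checking service answers yes/no only for callers on an allowlist, so an unprivileged "www" process can verify passwords while other local users get no guessing oracle. The uid 80, the table contents, the function names and the use of PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: uid 80 stands in for the "www" user (assumption).
ALLOWED_CALLER_UIDS = {80}
ITERATIONS = 100_000


def _hash(password, salt):
    # PBKDF2 is swapped in here for whatever hash the real password file uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_entry(password):
    """Build a (salt, hash) record as the checking service would store it."""
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Only the checking service reads this table; clients never see salts or hashes.
SHADOW = {"xyz": make_entry("correct horse")}   # constructed account
_DUMMY = make_entry("not-a-real-account")       # used for unknown usernames


def check_password(caller_uid, username, password):
    """Return True only when an allowed caller presents the right password.

    caller_uid must be what the kernel reports for the connecting process
    (for example Unix-socket peer credentials), never a field the client sends.
    """
    if caller_uid not in ALLOWED_CALLER_UIDS:
        return False  # unlisted users cannot use the service to test guesses
    # Unknown usernames are hashed against a dummy record so response time
    # does not reveal which accounts exist.
    salt, expected = SHADOW.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), expected)
    return matches and username in SHADOW


if __name__ == "__main__":
    print(check_password(80, "xyz", "correct horse"))    # allowed caller
    print(check_password(1001, "xyz", "correct horse"))  # caller not on the list
```

The service itself needs read access to the hash table but no ability to setuid(), and the web server needs neither.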