Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Jul 2002 23:09:40 -0400
From:      "Brian T. Schellenberger" <bts@babbleon.org>
To:        Pawel Jakub Dawidek <nick@garage.freebsd.pl>, freebsd-hackers@freebsd.org
Subject:   Re: What for we need set-uid-root on passwd/chpass/etc.?:)
Message-ID:  <200207242309.40824.bts@babbleon.org>
In-Reply-To: <20020724171152.GA91362@garage.freebsd.pl>
References:  <20020724171152.GA91362@garage.freebsd.pl>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 24 July 2002 01:11 pm, Pawel Jakub Dawidek wrote:
| Hello there...

| And pwd_parser is one, little set-uid-root for all of those applications.
| This is something like brigde between (now set-gid on "passwd" group)
| passwd/chpass/etc. and pwd_mkdb(8).
:
| I know that passwd/chpass are safe (no security holes for long time or
| never), but what You think about this solution?

It's innovative, and innovations are always to be carefully pondered where 
security it concerned, but it seems logical to me to centralize as many 
security functions into one place where it can be very carefully scrutinized.  
That way if there is a bug it only has to be fixed once and all the clients 
are automatically fixed.

General softward engineering principle to avoid duplication of effort and 
therefore duplication of maintenance.

-- 
Brian, the man from Babble-On . . . .   bts@babbleon.org (personal)
                                        http://www.babbleon.org

http://www.eff.org                      http://www.programming-freedom.org 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207242309.40824.bts>