From: "Brian T. Schellenberger"
To: Pawel Jakub Dawidek, freebsd-hackers@freebsd.org
Subject: Re: What for we need set-uid-root on passwd/chpass/etc.?:)
Date: Wed, 24 Jul 2002 23:09:40 -0400
Message-Id: <200207242309.40824.bts@babbleon.org>

On Wednesday 24 July 2002 01:11 pm, Pawel Jakub Dawidek wrote:
| Hello there...
| And pwd_parser is one, little set-uid-root for all of those applications.
| This is something like bridge between (now set-gid on "passwd" group)
| passwd/chpass/etc. and pwd_mkdb(8).
:
| I know that passwd/chpass are safe (no security holes for long time or
| never), but what You think about this solution?

It's innovative, and innovations are always to be carefully pondered where security is concerned, but it seems logical to me to centralize as many security functions into one place where it can be very carefully scrutinized. That way if there is a bug it only has to be fixed once and all the clients are automatically fixed. General software engineering principle to avoid duplication of effort and therefore duplication of maintenance.

--
Brian, the man from Babble-On . . . . bts@babbleon.org (personal)
http://www.babbleon.org
http://www.eff.org
http://www.programming-freedom.org