From owner-freebsd-security  Wed Nov 18 03:24:04 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA19610
          for freebsd-security-outgoing; Wed, 18 Nov 1998 03:24:04 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from david.siemens.de (david.siemens.de [192.35.17.14])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA19556
          for <freebsd-security@FreeBSD.ORG>; Wed, 18 Nov 1998 03:23:46 -0800 (PST)
          (envelope-from andre.albsmeier@mchp.siemens.de)
X-Envelope-Sender-Is: andre.albsmeier@mchp.siemens.de (at relayer david.siemens.de)
Received: from mail.siemens.de (salomon.siemens.de [139.23.33.13])
	by david.siemens.de (8.9.1a/8.9.1) with ESMTP id KAA18646
	for <freebsd-security@FreeBSD.ORG>; Wed, 18 Nov 1998 10:48:23 +0100 (MET)
Received: from curry.mchp.siemens.de (daemon@curry.mchp.siemens.de [146.180.31.23])
	by mail.siemens.de (8.9.1a/8.9.1) with ESMTP id KAA06878
	for <freebsd-security@FreeBSD.ORG>; Wed, 18 Nov 1998 10:48:23 +0100 (MET)
Received: (from daemon@localhost)
	by curry.mchp.siemens.de (8.8.8/8.8.8) id KAA12144
	for <freebsd-security@FreeBSD.ORG>; Wed, 18 Nov 1998 10:48:24 +0100 (CET)
Message-ID: <19981118104819.A1664@internal>
Date: Wed, 18 Nov 1998 10:48:19 +0100
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: William McVey <wam@sa.fedex.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
References: <199811161838.MAA25024@s07.sa.fedex.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199811161838.MAA25024@s07.sa.fedex.com>; from William McVey on Mon, Nov 16, 1998 at 12:38:11PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 16-Nov-1998 at 12:38:11 -0600, William McVey wrote:
> [ This is a fairly long reply.  The last paragraph has some 
>   info related to xterm's need for root permissions of possible
>   interest. ]
> 
> I'm in favor of the proposed change to allow some group (for discussion
> sake, lets call it group 'shadow') read permission to the shadow file.
> Unfortunatly, it's not enough.  The getpwnam (and family) needs to be 
> modified to base their access method on access to the file as opposed to 
> a "root or not-root" check.  The routine __initdb() in 
> /usr/src/lib/libc/gen/getpwent.c seems to be the place to make the change...
> (I code the propose "patch" very quickly, it should defintly be reviewed).
> 
> before:
> 	p = (geteuid()) ? _PATH_MP_DB : _PATH_SMP_DB;
> 	_pw_db = dbopen(p, O_RDONLY, 0, DB_HASH, NULL);
> 	if (_pw_db) {
> 		[code]
> 
> after:
> 	if((DB *)0 == (_pw_db=dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL))) {
> 		_pw_db = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL); 
> 	}
> 	if ((DB *)0 ==_pw_db) {
> 		[code]
> 

Looks good!

As I said, I hope I will have time to make experiments this weekend.
We may not forget the code that touches /etc/master.passwd and
/etc/spwd.db for writing. I think this will be mainly pwd_mkdb and maybe
others. We have to be careful here...

	-Andre

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message