On Sat, 25 Oct 2003, Gordon Messmer wrote:
Marcia Wilbur wrote:
> In RH 9..
> userpasswd is broken
> Reasons why:
> 1. shadow passwords require that etc/shadow file not be
> writeable by just anyone. This means that users cannot change it. Nor can
> any program run by the user.
A SUID program run by the user can modify the shadow database. This is
the case with the "passwd" program and "consolehelper".
> 2. You cannot set the userpasswd to be setuid root because then
> mean that any user can change any users password if they are at a terminal
> that someone forgot to log out from they can change the password for that
userpasswd can't be SUID because it's GTK+, but it uses the program
"consolehelper", which is SUID. Just because a program is SUID doesn't
make it a danger to the system. In the case of both "passwd" and
"consolehelper", the program is designed to allow users to modify files
otherwise writable only by the root user, but only to modify their own
information. In other words, they don't just allow the user to modify
the file however the user wants.
I see, so the consolehelper is a proxy for the password program and I'm
sure probably others.
> 3. The userpasswd program simply assumes that the user who was
> change the password is the one that is running the program.
Why is that wrong? It allows you to set your own password, and no one
elses. That's what it's supposed to do.
I was assuming that the program simply accesses the file rather than
feeding through a proxy. Given that, I cannot explain why I get a dialog
that says unknown error.