On Wed, 2013-02-06 at 13:35 +0100, Thorsten Kukuk wrote:
On Wed, Feb 06, Dmitry V. Levin wrote:
If I'm not mistaken, this code would allow such odd configurations as ENCRYPT_METHOD=use_first_pass which is probably not what one could expect from this feature.
Correct, but it cannot make any damage, only root would be able to add it, and it would break the shadow tools.
I don't see this as a real problem and I wouldn't duplicate all the data only for this.
I agree with Thorsten here. Although it could be possible to add additional member to the unix_args structure that would mark the options that are crypt() algorithms.