tcb - the alternative to shadow
Chris Ricker
kaboom at oobleck.net
Thu Aug 24 15:43:40 UTC 2006
On Thu, 24 Aug 2006, Neal Becker wrote:
> Ralf Ertzinger wrote:
>
> > Hi.
> >
> > On Thu, 24 Aug 2006 11:04:26 -0400, Neal Becker wrote:
> >
> >> http://www.openwall.com/presentations/Owl/mgp00020.html
> >
> > Hmmm. What is the advantage of this scheme? The first disadvantage
> > that springs to my mind is that any attacker that gains user privileges
> > (browser bug or whatever) can suddenly change the user password.
> >
>
> How is that a disadvantage, compared to existing systems? With previous
> systems, if you gain user priv you can also change user password. I think
> the idea of tcb is that's all you can do. No suid root stuff is used.
> (Honestly, I don't know much about tcb - I just thought it might be of
> interest)
I think Ralf was thinking that tcb would permit something conceptually
along the lines of
$ vi /etc/tcb/`id -un`/shadow
to change your existing passwd w/o having to know it
The permissions on /etc/tcb should prevent that though -- only an sgid
shadow app (the passwd command) can be used....
later,
chris
More information about the devel
mailing list