AppArmor for Fedora
Les Mikesell
lesmikesell at gmail.com
Wed Aug 29 04:49:05 UTC 2007
Tim wrote:
> On Tue, 2007-08-28 at 08:36 -0400, Robert Locke wrote:
>> /etc/passwd has always been "universally" readable. As a quick
>> example, note your use of "ll" which is really "ls -l" and the fact
>> that the third and fourth columns are displaying "names" of the user
>> and group associated with that file. The reality is that the "names"
>> are not stored on disk, but rather their numeric representation: uid
>> and gid. In order for the ls command to display a name, it needs to
>> "look up" the user's name associated with the uid it got from the
>> filesystem. Where is this "mapping" of uid and username kept?
>> Yep, /etc/passwd.
>
> Though, I would have thought that the safest way to do that would not
> be for applications to directly read the file, but to query the system,
> and the system read that file.
Unix was designed to be a simple system.
> Much the same as how name look-ups are done. You ask the resolver,
> which looks at a hosts file or uses a DNS server. You don't have each
> application doing that role.
But the resolver is a library which is in fact part of each application
and in the case of the hosts file the application does read it.
--
Les Mikesell
lesmikesell at gmail.com
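
The lookup discussed in this thread, as an added example that is not part of the original posts: it resolves a file owner's uid to a name once through libc's getpwuid() and once by reading /etc/passwd directly, both inside the calling process and with its privileges. The helper name passwd_name_for_uid is hypothetical, and the file backend for getpwuid() is an assumption about the system's NSS configuration.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper: scan passwd-format lines (name:passwd:uid:gid:...)
 * for uid. Returns 0 and copies the name into out on a match, else -1. */
int passwd_name_for_uid(FILE *fp, uid_t uid, char *out, size_t outlen)
{
    char line[1024];
    while (fgets(line, sizeof line, fp)) {
        char *name_end = strchr(line, ':');
        if (!name_end) continue;                  /* not an entry */
        char *pw_end = strchr(name_end + 1, ':');
        if (!pw_end) continue;
        char *end;
        unsigned long v = strtoul(pw_end + 1, &end, 10);
        if (end == pw_end + 1 || *end != ':') continue;  /* uid not numeric */
        if ((uid_t)v != uid) continue;
        size_t n = (size_t)(name_end - line);
        if (n == 0 || n >= outlen) return -1;
        memcpy(out, line, n);
        out[n] = '\0';
        return 0;
    }
    return -1;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/passwd";
    struct stat st;
    if (stat(path, &st) != 0) { perror(path); return 1; }
    /* Library lookup: getpwuid() runs in this process. With the traditional
     * "files" backend (assumed here), libc opens /etc/passwd itself. */
    struct passwd *pw = getpwuid(st.st_uid);
    printf("uid %lu via getpwuid():  %s\n", (unsigned long)st.st_uid,
           pw ? pw->pw_name : "(no entry)");
    /* Direct read of the same world-readable file, same privileges. */
    char name[64];
    FILE *fp = fopen("/etc/passwd", "r");
    int rc = fp ? passwd_name_for_uid(fp, st.st_uid, name, sizeof name) : -1;
    if (fp) fclose(fp);
    printf("uid %lu via /etc/passwd: %s\n", (unsigned long)st.st_uid,
           rc == 0 ? name : "(no entry)");
    return 0;
}
```

If /etc/passwd were not readable by the invoking user, the direct read would fail at fopen() and, on a files-only configuration, getpwuid() would return NULL, which is why ls would fall back to printing numeric ids.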