
Re: strange result when typing wrong password

Niklas Söderlund <niklas.soderlund@chello.se> writes:

> So, how do I solve this problem? I'd like to keep the login-account, 
> without compromising security.

There are four more bits than the traditional rwxrwxrwx. And what you want
to do is modify those bits on /etc/passwd to say (i) processes that
have no uid:s at all are not included in "others", and (ii) such
processes are not allowed to access /etc/passwd.

But it's harder than it sounds, because chmod doesn't yet know about
those bits. There have been some patches on the hurd-bugs mailing list.

Also the default for the bit that decides whether or not no-uid
processes are included in "others" isn't really decided yet.

And lastly, if you have the login shell only on the console (that's
the default behavior, iirc), and if you have no locked door between
the console and the physical machine, remember that an attacker that
can walk up to the console probably has easier ways to break into the
machine than running crack on the /etc/passwd file.

