passwd et al

To: debian-security@lists.debian.org
Subject: passwd et al
From: Simon Huggins <huggie@earth.li>
Date: Wed, 20 Jun 2001 19:33:00 +0200
Message-id: <[🔎] 20010620193300.A953@paranoidfreak.co.uk>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87y9qnu1rs.fsf@hackerhue.ddts.net>

On Wed, Jun 20, 2001 at 12:02:47AM -0600, Hubert Chan wrote:
> Well, obviously my proposed scheme wouldn't work (because of the
> previously mentioned exploit), but the motivation behind the scheme
> was to reduce the number of SUID programs (because if you don't need
> it to be SUID, you're safer without it being SUID).  Is there any
> (sane) way of making it so that programs such as passwd, chsh, etc.
> don't need to be SUID?

You could have an SUID helper that does the changes and some magic
(userv perhaps?) between it and the apps.

I'm not sure what the point is.  The resulting apps would be new and
wouldn't have been oggled by all the eyes that have looked at the
shadow suite.

Simon.

-- 
[ "Just wait. My crystal ball is infallible." -- Linus                 ]

Reply to:

References:
- Re: A question about Knark and modules
  - From: Hubert Chan <hackerhue@geek.com>

Prev by Date: Re: gnupg problem
Next by Date: Re: gnupg problem
Previous by thread: Re: A question about Knark and modules
Next by thread: Re: A question about Knark and modules
Index(es):
- Date
- Thread