Re: /bin/passwd as shell

To: debian-security@lists.debian.org
Subject: Re: /bin/passwd as shell
From: Ralf Dreibrodt <ralf@dreibrodt.de>
Date: Thu, 24 Jan 2002 19:05:54 +0100
Message-id: <[🔎] 3C504D02.72AFAF1F@dreibrodt.de>
References: <[🔎] 20020123233814.A7815@linux.wku.edu> <[🔎] 34422.193.159.108.235.1011853415.squirrel@madduck.net> <[🔎] 20020124111759.A10021@linux.wku.edu> <[🔎] 20020124095347.B14257@prime.konkers.net>

Hi,

David N Moore wrote:
> 
> i'm a new poster here, but one thing that strikes me is that the
> source to passwd should be hanging around somewhere.  It wouldn't be
> incredibly difficult to make a custom version which does not ask for
> the original password, right?  Then you could set it to be the login
> shell and it wouldn't ask for the password twice.

and then no user, who has a valid shell has to enter the old password
from user x, when he wants to change the password of user x.
perhaps even if x=root ;-)

be careful, when you don't ask for the old password!

bye
Ralf

Reply to:

Follow-Ups:
- Re: [d-security] Re: /bin/passwd as shell
  - From: Christian Hammers <ch@westend.com>
- Re: /bin/passwd as shell
  - From: martin f krafft <madduck@madduck.net>

References:
- /bin/passwd as shell
  - From: Rob VanFleet <rvf@linux.wku.edu>
- Re: /bin/passwd as shell
  - From: "martin f krafft" <madduck@madduck.net>
- Re: /bin/passwd as shell
  - From: Rob VanFleet <rvf@linux.wku.edu>
- Re: /bin/passwd as shell
  - From: David N Moore <dnmoore@konkers.net>

Prev by Date: Re: /bin/passwd as shell
Next by Date: Re: [d-security] Re: /bin/passwd as shell
Previous by thread: Re: /bin/passwd as shell
Next by thread: Re: [d-security] Re: /bin/passwd as shell
Index(es):
- Date
- Thread