Re: /sbin/unix_chkpwd setuid root
Janto Trappe <list@sylence.de> wrote:
> In der Manpage fuer unix_chkpwd steht:
> This program is not intended to be called directly by
> users and will log to syslog if it is calledimporperly
> (i.e., by some one trying exploit it).
> Warum ist bei potato unix_chkpwd setuid root wenn es a) in /sbin/
> liegt und b) sowieso nicht von usern ausgefuehrt werden soll?
> Bugreport?
Nein.
|-----------/usr/doc/libpam-doc/txt/pam.txt.gz
| A helper binary, unix_chkpwd, is provided to check the user's
| password when it is stored in a read protected database. This
| binary is very simple and will only check the password of the
| user invoking it. It is called transparently on behalf of the
| user by the authenticating component of this module. In this
| way it is possible for applications like xlock to work without
| being setuid-root.
|---------------------------
cu andreas
--
Uptime: 10 seconds load average: 0.00, 0.00, 0.00
vim:ls=2:stl=***\ Sing\ a\ song.\ ***
--
-----------------------------------------------------------
Um sich aus der Liste auszutragen schicken Sie bitte eine
E-Mail an debian-user-de-request@lehmanns.de die im Subject
"unsubscribe <deine_email_adresse>" enthaelt.
Bei Problemen bitte eine Mail an: Jan.Otto@Lehmanns.de
-----------------------------------------------------------
839 eingetragene Mitglieder in dieser Liste.
Reply to: