[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Shadow Passwords

It looks like I'm getting way behind in my email again. :-(

> I'm not sure if having a separate library for crypt makes your system more
> or less vulnerable to attack. It does make it easier to deploy password
> shadowing, though. David should be in on this discussion as he's currently
> maintaining libc.

FYI, a (probably) not-to-distant future version of ld.so will support
a secure method for preloading ELF shared libraries.  Currently, ld.so
only honors preloading for non-setuid/setgid binaries.  What this
means is that, in theory, it should be possible to create a completely
optional package which installs a library to be preloaded that will
selectively override libc and provide shadow passwords.

David Engel                        Optical Data Systems, Inc.
david@ods.com                      1101 E. Arapaho Road
(214) 234-6400                     Richardson, TX  75081

Reply to: