Re: Shadow Passwords
It looks like I'm getting way behind in my email again. :-(
> I'm not sure if having a separate library for crypt makes your system more
> or less vulnerable to attack. It does make it easier to deploy password
> shadowing, though. David should be in on this discussion as he's currently
> maintaining libc.
FYI, a (probably) not-to-distant future version of ld.so will support
a secure method for preloading ELF shared libraries. Currently, ld.so
only honors preloading for non-setuid/setgid binaries. What this
means is that, in theory, it should be possible to create a completely
optional package which installs a library to be preloaded that will
selectively override libc and provide shadow passwords.
David
--
David Engel Optical Data Systems, Inc.
david@ods.com 1101 E. Arapaho Road
(214) 234-6400 Richardson, TX 75081
Reply to: