[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_unix opens /etc/shadow as regular user



On Fri, Jan 27, Jonathan DeSena wrote:

> I have a simple patch that works for me (see below), but perhaps there
> is a better way. I believe this issue should be resolved in the
> mainline, especially as auditing in Linux becomes more common.

The fix is wrong, you don't need setuid root permissions to read
/etc/shadow. You can solve the access problems with setgid or ACLs,
too. So it is impossible to implement a correct check without trying 
to open the file.

  Thorsten

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk suse de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]