userpasswd

[Gordon Messmer]

Marcia Wilbur wrote:
> In RH 9..
> userpasswd is broken
> Reasons why:
> 
> 1. shadow passwords require that etc/shadow file not be
> writeable by just anyone. This means that users cannot change it. Nor can
> any program run by the user.

A SUID program run by the user can modify the shadow database.  This is 
the case with the "passwd" program and "consolehelper".

> 2. You cannot set the userpasswd to be setuid root because then that would
> mean that any user can change any users password if they are at a terminal
> that someone forgot to log out from they can change the password for that
> user.

userpasswd can't be SUID because it's GTK+, but it uses the program 
"consolehelper", which is SUID.  Just because a program is SUID doesn't 
make it a danger to the system.  In the case of both "passwd" and 
"consolehelper", the program is designed to allow users to modify files 
otherwise writable only by the root user, but only to modify their own 
information.  In other words, they don't just allow the user to modify 
the file however the user wants.

> 3. The userpasswd program simply assumes that the user who was trying to
> change the password is the one that is running the program.

Why is that wrong?  It allows you to set your own password, and no one 
elses.  That's what it's supposed to do.