userpasswd

Marcia Wilbur aicra at well.com
Mon Oct 27 07:18:51 UTC 2003


On Sat, 25 Oct 2003, Gordon Messmer wrote:

> Marcia Wilbur wrote:
> > In RH 9..
> > userpasswd is broken
> > Reasons why:
> >
> > 1. shadow passwords require that etc/shadow file not be
> > writeable by just anyone. This means that users cannot change it. Nor can
> > any program run by the user.
>
> A SUID program run by the user can modify the shadow database.  This is
> the case with the "passwd" program and "consolehelper".
>

ok

> > 2. You cannot set the userpasswd to be setuid root because then that would
> > mean that any user can change any users password if they are at a terminal
> > that someone forgot to log out from they can change the password for that
> > user.
>
> userpasswd can't be SUID because it's GTK+, but it uses the program
> "consolehelper", which is SUID.  Just because a program is SUID doesn't
> make it a danger to the system.  In the case of both "passwd" and
> "consolehelper", the program is designed to allow users to modify files
> otherwise writable only by the root user, but only to modify their own
> information.  In other words, they don't just allow the user to modify
> the file however the user wants.
>

I see, so the consolehelper is a proxy for the password program and I'm
sure probably others.

> > 3. The userpasswd program simply assumes that the user who was trying to
> > change the password is the one that is running the program.
>
> Why is that wrong?  It allows you to set your own password, and no one
> elses.  That's what it's supposed to do.
>

I was assuming that the program simply accesses the file rather than
feeding through a proxy. Given that, I cannot explain why I get a dialog
that says unknown error.





More information about the fedora-devel-list mailing list