userpasswd
Marcia Wilbur
aicra at well.com
Mon Oct 27 07:18:51 UTC 2003
On Sat, 25 Oct 2003, Gordon Messmer wrote:
> Marcia Wilbur wrote:
> > In RH 9..
> > userpasswd is broken
> > Reasons why:
> >
> > 1. shadow passwords require that etc/shadow file not be
> > writeable by just anyone. This means that users cannot change it. Nor can
> > any program run by the user.
>
> A SUID program run by the user can modify the shadow database. This is
> the case with the "passwd" program and "consolehelper".
>
ok
> > 2. You cannot set the userpasswd to be setuid root because then that would
> > mean that any user can change any users password if they are at a terminal
> > that someone forgot to log out from they can change the password for that
> > user.
>
> userpasswd can't be SUID because it's GTK+, but it uses the program
> "consolehelper", which is SUID. Just because a program is SUID doesn't
> make it a danger to the system. In the case of both "passwd" and
> "consolehelper", the program is designed to allow users to modify files
> otherwise writable only by the root user, but only to modify their own
> information. In other words, they don't just allow the user to modify
> the file however the user wants.
>
I see, so the consolehelper is a proxy for the password program and I'm
sure probably others.
> > 3. The userpasswd program simply assumes that the user who was trying to
> > change the password is the one that is running the program.
>
> Why is that wrong? It allows you to set your own password, and no one
> elses. That's what it's supposed to do.
>
I was assuming that the program simply accesses the file rather than
feeding through a proxy. Given that, I cannot explain why I get a dialog
that says unknown error.
More information about the fedora-devel-list
mailing list