tcb - the alternative to shadow
Neal Becker
ndbecker2 at gmail.com
Thu Aug 24 15:29:30 UTC 2006
Ralf Ertzinger wrote:
> Hi.
>
> On Thu, 24 Aug 2006 11:04:26 -0400, Neal Becker wrote:
>
>> http://www.openwall.com/presentations/Owl/mgp00020.html
>
> Hmmm. What is the advantage of this scheme? The first disadvantage
> that springs to my mind is that any attacker that gains user privileges
> (browser bug or whatever) can suddenly change the user password.
>
How is that a disadvantage, compared to existing systems? With previous
systems, if you gain user priv you can also change user password. I think
the idea of tcb is that's all you can do. No suid root stuff is used.
(Honestly, I don't know much about tcb - I just thought it might be of
interest)
More information about the fedora-devel-list
mailing list