develooper Front page | perl.perl5.porters | Postings from November 1999

Re: getspnam-support

Thread Previous | Thread Next
From:
Tom Christiansen
Date:
November 27, 1999 15:23
Subject:
Re: getspnam-support
Message ID:
199911272322.QAA09350@jhereg.perl.com
>Returning the shadow data just because you're running as root is a possible
>security hole.

I'm sure the security folks from OpenBSD would be fascinated to learn
more of this angle.  From their getpwnam(3) manpage:

    These routines have been written to ``shadow'' the password file,
    e.g., allow only certain programs to have access to the encrypted
    password.  If the process which calls them has an effective UID of
    0, the encrypted password will be returned, otherwise, the password
    field of the returned structure will point to the string `*'.

http://www.openbsd.org/cgi-bin/man.cgi?query=getpwnam&apropos=0&sektion=3&manpath=OpenBSD+Current&format=html

--tom

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About