Re: getspnam-support

Hi,

Dan Sugalski:
> >Returning the shadow data just because you're running as root is a possible
> >security hole.
> 
> If you're running as root there are no security holes since there is no
> security. You can already do anything you want, so why quibble over this?

Consider a setuid-root program which doesn't need the actual password,
but which calls getpw*() for other reasons.

Conceivably, that program could be induced to leak the password.

-- 
Matthias Urlichs  |  noris network GmbH   |   smurf@noris.de  |  ICQ: 20193661
The quote was selected randomly. Really.    |      http://www.noris.de/~smurf/
-- 
Password:

• getspnam-support by Jochen Wiedmann
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by Tom Phoenix
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Dan Sugalski
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Dan Sugalski
• Re: getspnam-support by Jochen Wiedmann
• Re: getspnam-support by Gurusamy Sarathy
• Re: getspnam-support by Jochen Wiedmann