Front page | perl.perl5.porters |
Postings from November 1999
From: Matthias Urlichs
November 29, 1999 05:19
Message ID: 19991129141947.B5713@noris.de
> >Returning the shadow data just because you're running as root is a possible
> >security hole.
> If you're running as root there are no security holes since there is no
> security. You can already do anything you want, so why quibble over this?
Consider a setuid-root program which doesn't need the actual password,
but which calls getpw*() for other reasons.
Conceivably, that program could be induced to leak the password.
Matthias Urlichs | noris network GmbH | firstname.lastname@example.org | ICQ: 20193661
The quote was selected randomly. Really. | http://www.noris.de/~smurf/