develooper Front page | perl.perl5.porters | Postings from November 1999

Re: getspnam-support

Thread Previous | Thread Next
Matthias Urlichs
November 29, 1999 05:19
Re: getspnam-support
Message ID:

Dan Sugalski:
> >Returning the shadow data just because you're running as root is a possible
> >security hole.
> If you're running as root there are no security holes since there is no
> security. You can already do anything you want, so why quibble over this?

Consider a setuid-root program which doesn't need the actual password,
but which calls getpw*() for other reasons.

Conceivably, that program could be induced to leak the password.

Matthias Urlichs  |  noris network GmbH   |  |  ICQ: 20193661
The quote was selected randomly. Really.    |

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About