|From:||"Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>|
|Date:||Sat, 17 Mar 2007 00:05:20 +0100|
c) add support for openwall tcb - the alternative to shadow (with pam module) which is more secure than pam_unix and pam_pwdb, because tools like 'passwd' or 'chage' don't neet SUID, instead it use SGID 'shadow'. Group 'auth' may be used to read-only access to all password hashes.I am not convinced that this improves security. Could you please detail your security considerations? My point is: current tools have been exposed to security audit for over 20 years now, so unless something else is conceptually more secure, chances are high that we should stick with the original system.I made a mistake in this point, SGID shadow can only read users list (can not read/write passwords). SGID auth can read passwords, but can not write it. Every user have its own shadow file whitch is owned by this user. Write to user's shadow file can only this user or root. There is not required SUID root for passwd and related tools. For more you can read on http://openwall.com/tcb/.
Short for everybody too lazy to read: master.passwd is being split into single per-user files. these are located in per-user dirs with mode $user:auth 710 and the files $user:auth 640. this way only root+user can change the files and therefore the password. only root+user+group auth can read/check the password. don't know about chsh(1) etc.
-- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Description: OpenPGP digital signature