[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: userpasswd

From: Gordon Messmer <yinyang eburg com>
To: fedora-devel-list redhat com
Subject: Re: userpasswd
Date: Sat, 25 Oct 2003 15:47:34 -0700

Marcia Wilbur wrote:

In RH 9..
userpasswd is broken
Reasons why:

1. shadow passwords require that etc/shadow file not be
writeable by just anyone. This means that users cannot change it. Nor can
any program run by the user.

A SUID program run by the user can modify the shadow database. This is the case with the "passwd" program and "consolehelper".

2. You cannot set the userpasswd to be setuid root because then that would
mean that any user can change any users password if they are at a terminal
that someone forgot to log out from they can change the password for that
user.

userpasswd can't be SUID because it's GTK+, but it uses the program "consolehelper", which is SUID. Just because a program is SUID doesn't make it a danger to the system. In the case of both "passwd" and "consolehelper", the program is designed to allow users to modify files otherwise writable only by the root user, but only to modify their own information. In other words, they don't just allow the user to modify the file however the user wants.

3. The userpasswd program simply assumes that the user who was trying to
change the password is the one that is running the program.

Why is that wrong? It allows you to set your own password, and no one elses. That's what it's supposed to do.

Follow-Ups:
- Re: userpasswd
  - From: Marcia Wilbur

References:
- xchat updated to be exec-shield friendly
  - From: Mike A. Harris
- Re: xchat updated to be exec-shield friendly
  - From: Michael K. Johnson
- userpasswd
  - From: Marcia Wilbur

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]