[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

userpasswd



In RH 9..
userpasswd is broken
Reasons why:

1. shadow passwords require that etc/shadow file not be
writeable by just anyone. This means that users cannot change it. Nor can
any program run by the user.

2. You cannot set the userpasswd to be setuid root because then that would
mean that any user can change any users password if they are at a terminal
that someone forgot to log out from they can change the password for that
user.

3. The userpasswd program simply assumes that the user who was trying to
change the password is the one that is running the program.

Some other approach must be done.

-marcia




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]