Date: Wed, 27 Feb 2013 11:54:08 -0500 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: shadow.h On Wed, Feb 27, 2013 at 10:09:18AM +0100, Daniel Cegiełka wrote: > 2013/2/27 Rich Felker <dalias@...ifal.cx>: > > On Tue, Feb 26, 2013 at 11:54:58PM +0100, Daniel Cegiełka wrote: > > >> Error relocating /lib/security/pam_unix.so: putspent: symbol not found > >> Error relocating /lib/security/pam_unix.so: fgetspent: symbol not found > >> Error relocating /lib/security/pam_unix.so: putpwent: symbol not found > > > > These have been discussed before and I believe the intent is to add > > them (they're simple fprintf wrappers, if I remember correctly), > > ....or can be removed from shadow.h. > > > but > > be aware that pam_unix.so's support for writing to the password > > database assumes a certain form and will break things badly if the > > user is using tcb shadow. It might also mess up the shadow file if it > > depends on being able to iterate all entries in the shadow file; I'm > > not sure if that works or not. > > > > These are issues that need more discussion... > > I prefer tcb, but the current implementation in musl isn't as > functional as owl's (privilege separation): Can you explain this better? I don't think the code in libc has anything to do with privilege separation model used. It only *reads* the tcb shadow data; it doesn't write anything, and it doesn't depend on any particular permissions model for the data except that it be readable by whichever user is doing authenticating. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.