Date: Wed, 27 Feb 2013 18:04:08 +0100
From: Daniel Cegiełka <daniel.cegielka@...il.com>
To: musl@...ts.openwall.com
Subject: Re: shadow.h

2013/2/27 Rich Felker <dalias@...ifal.cx>:

>>
>> I prefer tcb, but the current implementation in musl isn't as
>> functional as owl's (privilege separation):
>
> Can you explain this better?

Owl's tcb uses SGID instead of SUID, so SUID is not needed for programs
like passwd. Here is a good presentation:

http://www.openwall.com/presentations/Owl/mgp00020.html

> I don't think the code in libc has
> anything to do with privilege separation model used. It only *reads*
> the tcb shadow data; it doesn't write anything, and it doesn't depend
> on any particular permissions model for the data except that it be
> readable by whichever user is doing authenticating.
>
> Rich
