Date: Wed, 27 Feb 2013 18:04:08 +0100 From: Daniel Cegiełka <daniel.cegielka@...il.com> To: musl@...ts.openwall.com Subject: Re: shadow.h 2013/2/27 Rich Felker <dalias@...ifal.cx>: >> >> I prefer tcb, but the current implementation in musl isn't as >> functional as owl's (privilege separation): > > Can you explain this better? Owl's tcb uses SGID instead SUID, so SUID is not needed for programs like passwd. Here is a good presentation: http://www.openwall.com/presentations/Owl/mgp00020.html > I don't think the code in libc has > anything to do with privilege separation model used. It only *reads* > the tcb shadow data; it doesn't write anything, and it doesn't depend > on any particular permissions model for the data except that it be > readable by whichever user is doing authenticating. > > Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.