Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Oct 2021 01:16:30 -0500
From: "A. Wilcox" <awilfox@...lielinux.org>
To: musl@...ts.openwall.com
Subject: Re: get/set*ent functions and real world applications

On Oct 11, 2021, at 12:41 PM, √Črico Nogueira <ericonr@...root.org> wrote:
> 
> Things in /etc
> can, theoretically, only be written to by root or at least trusted
> users, so treating as entirely untrusted seems a bit over the top...

My understanding is that tcb exists explicitly to make these files modifiable by non-root users, to make the shadow tools unprivileged.

I don't recall if GECOS or group fields are included in tcb, or if it is only the password itself.  If the other fields are included, this is a much more important bug than otherwise.

Best,
-arw
--
A. Wilcox (Sent from my iPhone)
Mac, iOS, Linux software engineer


Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.