Date: Wed, 13 Oct 2021 01:16:30 -0500 From: "A. Wilcox" <awilfox@...lielinux.org> To: musl@...ts.openwall.com Subject: Re: get/set*ent functions and real world applications On Oct 11, 2021, at 12:41 PM, Érico Nogueira <ericonr@...root.org> wrote: > > Things in /etc > can, theoretically, only be written to by root or at least trusted > users, so treating as entirely untrusted seems a bit over the top... My understanding is that tcb exists explicitly to make these files modifiable by non-root users, to make the shadow tools unprivileged. I don't recall if GECOS or group fields are included in tcb, or if it is only the password itself. If the other fields are included, this is a much more important bug than otherwise. Best, -arw -- A. Wilcox (Sent from my iPhone) Mac, iOS, Linux software engineer Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.