Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Mar 2012 12:46:12 +0100
From: Paweł Hajdan, Jr. <>
Subject: hardened-shadow, a shadow suite that has tcb built-in

I'd like to announce my little project I've published recently:
hardened-shadow. It's an alternative implementation of shadow utilities
(login, su, passwd and so on), inspired by Openwall's tcb.

The advantage is that you don't need separate patches (that are often out
of sync) or libraries. Everything: programs, PAM module and NSSwitch module
are in the same package. Also, it works with vanilla glibc. Finally, it's
smaller than shadow-utils, and should be easier to fully audit.

The drawback is that it's new (so not really tested; also, some security
bugs are likely to be lurking around), and doesn't support some features
like SELinux or NIS. I'd like to add SELinux support, and I'm rather
unenthusiastic about NIS; anyway I'm open to the opinions of the community
about that).

The project's homepage is .

I'm currently looking for people interested in using hardened-shadow, as
well as some form of security audit of this very young codebase.

Paweł Hajdan, Jr.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.