Date: Tue, 17 Nov 1998 21:58:15 +0100 (CET) From: Mikael Karpberg <karpen@ocean.campus.luth.se> To: wam@sa.fedex.com (William McVey) Cc: hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <199811172058.VAA02065@ocean.campus.luth.se> In-Reply-To: <199811161838.MAA25024@s07.sa.fedex.com> from William McVey at "Nov 16, 98 12:38:11 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
According to William McVey: > I'm in favor of the proposed change to allow some group (for discussion > sake, lets call it group 'shadow') read permission to the shadow file. Umm... I have seen no one in this discussion mention this, so I'll say it, after repeating what someone DID say "Small well audited setuid programs are not a problem". Now... Here's my suggestion, my_xlock.c: int main() { char *str; FILE *f; int done = 0; lock_screen(); while (!done) { str = wait_for_passwd(); f = popen("/usr/bin/check_pw", "w"); fprintf(f, "%d %s\n", getuid(), str); fflush(f); if (!pclose(f)) { unlock_screen(); done = 1; } else { print_errror("Wrong password"); } } return 0; } Seems simple enough to me, and could be used from scripts and everything. All you need is a small util (/usr/bin/check_pw) that is setuid root. I can't see a security problem with this, at all. Failed logins could be logged also, if that's a concern. All it has to do is something like: int main() { char buffer[100]; struct passwd *pw; uind_t uid; char *str; char *setting; fgets(buffer, sizeof buffer, stdin); if (isdigit(buffer[0])) { uid = strtol(buffer, &str, 0); if (!*str) exit(1); pw = getpwuid(uid); } else { while (!isspace(*str)) str++; if (!*str) exit(1); *str = '\0'; pw = getpwnam(buffer); } str++; setting = get_setting_and_move_str(&str); if (strcmp(pw->pw_passwd, crypt(str, setting)) == 0) return 0; return 1; } I'm sure there are minor or even major mistakes in the programs above, but I think everyone should get the idea, if the problems are just syntax errors, and such. The check_pw program should be small enough to be quite possible to do as close to 100% bug free as one can hope to get. /Mikael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811172058.VAA02065>