AW: AW: [suse-kde] Fwd: screensaver fails password check
I agree but you originally could not "see" the shadow file with kcheckpass and the fix was to set ownership to root, group to shadow and setgid shadow. The latter of which I thought was just as much a security risk or am I totally wrong? Regards / Mit freundlichem Gruß / Salutations John Monaghan BSc (hons) Computer Science - Software Engineering (AIRS) Software Engineer Front Office Development Hogatex Software GmbH Baldhamer Straße 39, D-85591 Vaterstetten Tel: +49 / (0)8106 / 321-0, Fax:+49 / (0)8106 / 321 -111 mailto:monaghan@hogatex.de http://www.hogatex.com -----Ursprüngliche Nachricht----- Von: Martin Knoblauch [mailto:martin.knoblauch@mscsoftware.com] Gesendet: Freitag, 2. August 2002 12:13 An: Monaghan, John; suse-kde@suse.com Cc: 'Anders Johansson' Betreff: Re: AW: [suse-kde] Fwd: screensaver fails password check On Friday 02 August 2002 12:06, Monaghan, John wrote:
I thought that the shadow file only had to be root-only writable?
Regards / Mit freundlichem Gruß / Salutations
why would you need "shadow" then at all? You could just keep the password hash in /etc/passwd, which also is writable only by root. The whole reason for the shadow exercise is to keep "passwd" readable by everyone and hide the password hash from the evil users :-) Martin -- Martin Knoblauch Senior System Architect MSC.software GmbH Am Moosfeld 13 D-81829 Muenchen, Germany e-mail: martin.knoblauch@mscsoftware.com http://www.mscsoftware.com Phone/Fax: +49-89-431987-189 / -7189 Mobile: +49-174-3069245
On Friday 02 August 2002 12:51, Monaghan, John wrote:
I agree but you originally could not "see" the shadow file with kcheckpass and the fix was to set ownership to root, group to shadow and setgid shadow. The latter of which I thought was just as much a security risk or am I totally wrong?
If the shadow file were world readable then, as Martin said, you might as well stick with the plain /etc/passwd file. Anyone would be free to run dictionary attacks against it, or more sofisticated attacks. Having a daemon setuid root, or setgid shadow, means that users only get to read the file if they can hack the daemon (i.e. if there's a bug in it). If the daemon were setuid root they'd be "in", while if it's setgid shadow they'd just be able to read the shadow file, which means they still have some hacking to do, which buys the admin a little more time in securing the machine. regards Anders
On Friday 02 August 2002 12:51, Monaghan, John wrote:
I agree but you originally could not "see" the shadow file with kcheckpass
correct.
and the fix was to set ownership to root, group to shadow
correct. And mode 640, which means users cannot see the contents.
and setgid shadow.
not to shadow, but to "kcheckpass".
The latter of which I thought was just as much a security risk or am I totally wrong?
Now, somehow the system has to read the shadow file. With above setting the password hash is protected from viewing it by non-root users. Of course, setgid/setuid to priiviledged groups/users is a risk, but it is also a way to protect sensitive data. Of course, we now have to trust that there are no exploits for "kcheckpass". Martin -- Martin Knoblauch Senior System Architect MSC.software GmbH Am Moosfeld 13 D-81829 Muenchen, Germany e-mail: martin.knoblauch@mscsoftware.com http://www.mscsoftware.com Phone/Fax: +49-89-431987-189 / -7189 Mobile: +49-174-3069245
participants (3)
-
Anders Johansson -
Martin Knoblauch -
Monaghan, John