*BSD News Article 64529



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!qns3.qns.com!imci4!newsfeed.internetmci.com!iol!tank.news.pipex.net!pipex!blackbush.xlink.net!news.nordwest.de!lemur.nord.de!dagobert.lemur.nord.de!thomas
From: THOMAS Wintergerst <thomas@dagobert.lemur.nord.de>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Shadow password functions?
Date: Sat, 30 Mar 1996 19:40:10 +0100
Organization: Lemuria Private Computing
Lines: 29
Message-ID: <Pine.BSF.3.91.960330192221.16407C-100000@dagobert.lemur.nord.de>
References: <4j5qf7$hja@cpmt.cyberport.net> <m0u2OtS-0001l8C@hammy.lonestar.org>
NNTP-Posting-Host: dagobert.lemur.nord.de
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <m0u2OtS-0001l8C@hammy.lonestar.org>

On Thu, 28 Mar 1996, Gordon Burditt wrote:

> Date: Thu, 28 Mar 96 15:06 CST
> From: Gordon Burditt <sneaky.lerctr.org!gordon@picard.nord.de>
> To: lemur.nord.de!thomas@picard.nord.de
> Newgroups: comp.unix.bsd.freebsd.misc
> Subject: Re: Shadow password functions?
> 
> >program this is the recommended way. I think there is no (official) way to 
> >let a normal user read the encrypted password.
> 
> I thought the whole point of shadow password files was to not let
> normal users, authorized or not, read encrypted passwords, period.
> 
> 					Gordon L. Burditt
> 					sneaky.lerctr.org!gordon
> 

Normal users are not able to read the shadow password file. This can only 
be done by root or by programs that are "setuid root". These programs, 
like "login" or "passwd", must be carefully written (and I hope they are). 
So if someone wants to read encrypted passwords, he must install a "setuid 
root" program or gain root access somehow. And if he can do this, the 
system can be hacked anyway.

Sorry if the word "official" was confusing.

Thomas