Subject: Re: suid helper to read own passwd entry
To: None <joerg@britannica.bec.de>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
List: tech-userlevel
Date: 12/01/2006 17:33:21

> any exploit in a normal user program can be used to get the hash for
> offline attacks

Yes, I was aware of this. It is as easy as calling getent(1).
But an implementation of a similar mechanism at PAM level
would have the problem that the plaintext password needs
to be passed to the suid helper.
And an exploit in a user program can as well do some
syscall tracing against the unprivileged client program.

best regards
Matthias