Subject: Re: "BSD Authentication"
To: UNIX hacker and security officer <greywolf@starwolf.starwolf.com>
From: Todd Vierling <tv@pobox.com>
List: current-users
Date: 11/23/1998 18:36:56

On Mon, 23 Nov 1998, UNIX hacker and security officer wrote:
: 2) You should be able to unlock a screensaver with the root password!
: 3) Currently, xlock needs to be setuid root because it can't get passwords
: otherwise.
:
: It seems to this country wolf that something by which password authentication
: can be done securely without compromising the integrity of the rest of the
: system

I definitely consider getting root's crypted password compromising the
integrity of the system. _No_ process without root privileges should be
able to get that. A BSD-Auth external program doesn't count; how does it
verify securely that the process requesting root's pw should be allowed to
get it?
--
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)