[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Design principles and ethics
From: |
Jonathan S. Shapiro |
Subject: |
Re: Design principles and ethics |
Date: |
Sun, 30 Apr 2006 15:02:48 -0400 |
On Sun, 2006-04-30 at 20:48 +0200, Tom Bachmann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jonathan S. Shapiro wrote:
> > In the absence of setiud, and assuming that parents get to inspect their
> > children, how is /sbin/passwd protected?
> >
>
> Not at all. It only accesses data the user is allowed to access. I
> explained this in a former mail.
Apparently I did not see it. Here is the essential question:
/sbin/passwd requires the authority to write the password database,
which the user does not have. So: we must answer (1) how
does /sbin/passwd come to hold this authority when the user does not?
(2) Given that the running instance of /sbin/passwd is a child of a
program owned by the user, what stops the parent program from reading
that authority out of the /sbin/passwd running image?
I do remember a proposal that we should trust the user's top-level
shell. I do not know if it was your proposal, but this is not sufficient
unless we somehow guarantee that *only* the top-level shell has the
authority to start a copy of /sbin/passwd...
shap
- Re: Design principles and ethics (was Re: Execute without read (was [...])), (continued)
- Re: Design principles and ethics (was Re: Execute without read (was [...])), Jonathan S. Shapiro, 2006/04/30
- Re: Design principles and ethics, Tom Bachmann, 2006/04/30
- Re: Design principles and ethics (was Re: Execute without read (was [...])), Marcus Brinkmann, 2006/04/30
- Re: Design principles and ethics (was Re: Execute without read (was [...])), Bas Wijnen, 2006/04/30
- Re: Design principles and ethics, Tom Bachmann, 2006/04/30
- Re: Design principles and ethics, Bas Wijnen, 2006/04/30
- Re: Design principles and ethics, Tom Bachmann, 2006/04/30
- Re: Design principles and ethics, Bas Wijnen, 2006/04/30
- Re: Design principles and ethics, Jonathan S. Shapiro, 2006/04/30
- Re: Design principles and ethics, Tom Bachmann, 2006/04/30
- Re: Design principles and ethics,
Jonathan S. Shapiro <=
- Re: Design principles and ethics, Tom Bachmann, 2006/04/30
- Re: Design principles and ethics, Pierre THIERRY, 2006/04/30
- Re: Design principles and ethics, Marcus Brinkmann, 2006/04/30
- Re: Design principles and ethics, Jonathan S. Shapiro, 2006/04/30
- Re: Design principles and ethics, Jonathan S. Shapiro, 2006/04/30
- Re: Design principles and ethics, Marcus Brinkmann, 2006/04/30
- Re: Design principles and ethics, Jonathan S. Shapiro, 2006/04/30
- Re: Design principles and ethics, Marcus Brinkmann, 2006/04/30
- Re: Design principles and ethics, Bas Wijnen, 2006/04/30
- Re: Design principles and ethics, Pierre THIERRY, 2006/04/30