fedora-devel-list

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: tcb - the alternative to shadow Neal Becker Sat Sep 09 09:45:22 2006

Ralf Ertzinger wrote:

> Hi.
> 
> On Thu, 24 Aug 2006 11:04:26 -0400, Neal Becker wrote:
> 
>> http://www.openwall.com/presentations/Owl/mgp00020.html
> 
> Hmmm. What is the advantage of this scheme? The first disadvantage
> that springs to my mind is that any attacker that gains user privileges
> (browser bug or whatever) can suddenly change the user password.
> 

How is that a disadvantage, compared to existing systems?  With previous
systems, if you gain user priv you can also change user password.  I think
the idea of tcb is that's all you can do.  No suid root stuff is used. 
(Honestly, I don't know much about tcb - I just thought it might be of
interest)

-- 
fedora-devel-list mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/fedora-devel-list