Inaccessible password files
Mike Lutz
mjl at ritcv.UUCP
Sun Jul 17 06:03:02 AEST 1983
One problem with unreadable (or otherwise inaccessible) password files is
the implicit assumption that only privileged processes need to use the
information. We have some database inquiry programs that run set-gid
or set-uid, and which demand the invoker type his/her password again.
While not perfect, the technique does stave off attempts to use an
active terminal to gain access to unauthorized information. We use
this primarily in cases where the command is the interface to some
moderately private information that only the "real" person should see.
Of course, all such programs could run as set-uid root and access the
protected password file. We prefer our approach, as it attempts to
abide by the "principle of least privilege". Also, the hidden password
file technique can lead to a false sense of security (read the UNIX
security paper from V6).
Mike Lutz {allegra,seismo}!rochester!ritcv!mjl
More information about the Comp.unix.wizards
mailing list