At Sun, 30 Apr 2006 22:03:41 +0200, Pierre THIERRY <[EMAIL PROTECTED]> wrote: > > Scribit Tom Bachmann dies 30/04/2006 hora 21:21: > > > /sbin/passwd requires the authority to write the password database, > > > which the user does not have. > > Wrong. In my proposal she has the authority because there is no real > > ``password database''. There is just a file (say ~/.passwd) that > > contains the hash of the users password. > > So there is no /sbin/passwd, and it was not considered in the question, > which about the program accessing a central password database (which I > agree we should avoid if we can, but that is not the point).
A program that can access a central password database in write-mode is _not_ confined. It can be run as a system service that is accessed through a capability, just like any other system service, if desired. Thanks, Marcus _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
