-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 29 May 00, at 15:31, Krzysztof Dabrowski wrote:

> Don't you think that this hysterical reaction is a bit too far?
> checkpassword is certainly a safer suid program than most of the suids in
> your system.

No, it is not. Any program which allows enumerating /etc/shadow 
is a gaping security hole. Full stop.

checkpassword is "safe" only in the sense that there's no buffer 
overflow or race condition or something like that. It has been 
designed to read /etc/shadow. However, reading /etc/shadow 
_must_ be limited to root - that's essential. Please note DJB's 
installation instructions: Not only don't make it suid root, but don't 
even make it runnable by non-root; chmod 700 is what djb 
suggests.

> On PAMified system you can still use it as dictionary cracker :)

Yes; but after each attempt the system sleep()s before answering, 
and after this many (three?) failed attempts, an entry in the logs is 
generated.

So you can use a dictionary; but only with like ten attempts per 
day to go unnoticed.

> All in all, on a non-shell system (like most ISP's mail servers) where
> only admins have shell access, making checkpassword suid is nothing
> bad. CERTAINLY not as bad as you portray it.

On a box where only root is ever allowed, you're right. As soon as 
there's a single non-root login account, suid checkpassword is a no 
way. (Once the users can upload their cgi scripts, php pages, edit 
their .qmail files, they can spawn off the dictionary attack.)

It's as simple as that.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOTJlE1MwP8g7qbw/EQIfSgCdGePRM/BLCwHOzbH/fX9ajCZPx6AAoKLe
l54ewNpLjzes+7CoGJQOqnQK
=34Bd
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]
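
The permission rule stated in the message above (not suid, chmod 700, limited to root), written as an audit check. This is an added example, not part of the original e-mail; the function names and finding labels are made up here, and the path to check is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit a checkpassword binary against the rule in the message
# (not suid, mode 700, owned by root). Names and labels are illustrative.

# has_perm FILE OCTAL: succeeds if every bit in OCTAL is set on FILE.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_checkpassword FILE: prints one finding per line and returns the
# number of findings (0 means the file matches the recommended setup).
audit_checkpassword() {
    f=$1
    findings=0
    if [ ! -f "$f" ]; then
        echo "MISSING $f: not a regular file"
        return 1
    fi
    # A suid copy lets any local account test passwords against /etc/shadow.
    if has_perm "$f" 4000; then
        echo "SETUID $f: setuid bit is set"
        findings=$((findings + 1))
    fi
    # chmod 700 means no group or other bits at all.
    for bit in 0040 0020 0010 0004 0002 0001; do
        if has_perm "$f" "$bit"; then
            echo "GROUP_OTHER $f: accessible to non-owner accounts"
            findings=$((findings + 1))
            break
        fi
    done
    if [ -z "$(find "$f" -prune -user root -print 2>/dev/null)" ]; then
        echo "OWNER $f: not owned by root"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone use: pass the path(s) to check as arguments.
for target in "$@"; do
    audit_checkpassword "$target"
done
```
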
