On 09/30/08 16:35, Joep Vesseur wrote:
> On 09/29/08 22:56, John Sonnenschein wrote:
>> Hey security people
>>
>> I'm fishing for feedback on something. A user can't change his or her
>> own shell in [Open]Solaris.
>
> This is only (for the files repository, i.e. /etc/passwd) because there
> is an explicit check in passwd.c that prohibits regular users to change
> their shell and/or gecos.
>
> If you remove that check, or change it to an authorization based check
> as has been discussed, the functionality to change these account properties
> is fully functional inside passwd.
>
> I'm not opposed to creating a different binary (chsh/chfn), but I'd suggest
> to keep all this functionality in one place (passwd) and create hardlinks
> to it, if possible.

If we want the dual-role thing to be feasible then passwd would need to know
about the authorisations, and check for
"solaris.admin.self.{passwd,shell,gecos,...}" whenever someone is trying to
change their own settings, so having the same binary do the work for others
makes sense IMO.

Bart
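
An added example, not part of the thread and not Solaris source: one binary hardlinked as passwd/chsh/chfn picks the operation from its invocation name and requires the matching "solaris.admin.self.*" authorisation. Assumptions: the link-to-authorisation table, the function names, and has_auth(), a simplified stand-in for the real lookup (chkauthattr(3SECDB) on Solaris) that takes the granted list as a string.

```c
#include <libgen.h>
#include <stdio.h>
#include <string.h>

/* Assumed mapping: hardlink name -> authorisation named in the thread. */
static const struct { const char *link, *self_auth; } ops[] = {
    { "passwd", "solaris.admin.self.passwd" },
    { "chsh",   "solaris.admin.self.shell"  },
    { "chfn",   "solaris.admin.self.gecos"  },
};

/* argv[0] is chosen by the caller, so it only selects the operation;
 * the authorisation check below decides whether it is allowed. */
const char *required_self_auth(const char *argv0)
{
    char buf[256];
    snprintf(buf, sizeof buf, "%s", argv0);  /* basename() may modify input */
    const char *name = basename(buf);
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++)
        if (strcmp(name, ops[i].link) == 0)
            return ops[i].self_auth;
    return NULL;                             /* unknown link name */
}

/* Does the comma-separated list `granted` cover `need`?
 * An entry ending in ".*" matches every authorisation under that prefix. */
int has_auth(const char *granted, const char *need)
{
    while (*granted) {
        size_t len = strcspn(granted, ",");
        if (len >= 2 && granted[len - 2] == '.' && granted[len - 1] == '*') {
            if (strncmp(granted, need, len - 1) == 0) return 1;
        } else if (strlen(need) == len && strncmp(granted, need, len) == 0) {
            return 1;
        }
        granted += len;
        if (*granted == ',') granted++;
    }
    return 0;
}

/* Fail closed: an unknown invocation name or a missing grant both deny. */
int may_change_own(const char *argv0, const char *granted)
{
    const char *need = required_self_auth(argv0);
    return need != NULL && has_auth(granted, need);
}

int main(int argc, char **argv)
{
    (void)argc;
    /* Constructed grant list: the user holds only the shell authorisation. */
    return may_change_own(argv[0], "solaris.admin.self.shell") ? 0 : 1;
}
```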