unable to login
Mike Beattie
mike.beattie at otago.ac.nz
Wed Jul 7 15:45:22 EDT 2004
On Wed, Jul 07, 2004 at 10:47:39AM -0700, Wil Cooley wrote:
> No, saslauthd runs as root--its role is to provide authentication
> services, often for PAM or shadow authentication, which requires root
> access. It's a much better solution than creating a 'shadow' group and
> making /etc/shadow readable by it and putting cyrus into that group.
And I hate to point out, but then, if a malicious user manages to find a
flaw in cyrus they could hypothetically use that flaw to get a copy of
/etc/shadow. (If I'm mistaken, *please* correct me)
Only the second worst thing after actually getting a root shell, IMO.
Mike.
--
Mike Beattie <mike.beattie at otago.ac.nz> UNIX Systems Engineer, ITS
Ph: +64 3 479 8597 Fax: +64 3 479 5080 Cell: +64 27 44 80386
* Opinions expressed are my own, not those of the University of Otago *
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
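
The trade-off discussed in this thread, as an added example that is not part of the original posts: a shell check of whether a service account such as cyrus would be granted read access to /etc/shadow, for instance because it was placed in a 'shadow' group. The function names can_read and audit are hypothetical, and GNU stat and id -Gn are assumed.

```sh
#!/bin/sh
# Added example (not from the thread): would a service account be granted
# read access to a password file? ACLs and root's override are not modelled.

# can_read MODE OWNER GROUP USER "GROUP1 GROUP2 ..."
# Classic Unix check: the owner class applies if USER owns the file, else the
# group class if USER is a member of GROUP, else the other class.
can_read() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    # Keep the three permission digits, dropping setuid/setgid/sticky.
    perms=$(printf '%03o' $(( 0$mode & 0777 )))
    u=${perms%??}
    g=${perms#?}; g=${g%?}
    o=${perms#??}
    if [ "$user" = "$owner" ]; then
        bits=$u
    else
        bits=$o
        for ug in $user_groups; do
            if [ "$ug" = "$group" ]; then bits=$g; break; fi
        done
    fi
    [ $(( bits & 4 )) -ne 0 ]    # 4 is the read bit
}

# audit FILE USER: collect live values (GNU stat and id -Gn assumed).
# Returns 0 if USER cannot read FILE, 1 if it can, 2 on lookup failure.
audit() {
    file=$1 acct=$2
    info=$(stat -c '%a %U %G' "$file") || return 2
    acct_groups=$(id -Gn "$acct") || return 2
    set -- $info
    if can_read "$1" "$2" "$3" "$acct" "$acct_groups"; then
        echo "WARNING: $acct can read $file (mode $1, $2:$3)"
        return 1
    fi
    echo "OK: $acct cannot read $file (mode $1, $2:$3)"
}

# Usage: sh shadow_audit.sh /etc/shadow cyrus
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```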