Niklas Söderlund <[EMAIL PROTECTED]> writes:

> So, how do I solve this problem? I'd like to keep the login-account,
> without compromising security.

There are four more bits than the traditional rwxrwxrwx. And what you want to do is modify those bits on /etc/passwd to say (i) processes that have no uid:s at all are not included in "others", and (ii) such processes are not allowed to access /etc/passwd.

But it's harder than it sounds, because chmod doesn't yet know about those bits. There have been some patches on the hurd-bugs mailing list. Also the default for the bit that decides whether or not no-uid processes are included in "others" isn't really decided yet.

And at last, if you have the login shell only on the console (that's the default behavior, iirc), and if you have no locked door between the console and the physical machine, remember that an attacker that can walk up to the console probably has easier ways to break into the machine than running crack on the /etc/passwd file.

/Niels

