Subject: Re: [netatalk-admins] Re: Feature Suggestion: AFP/TCP running as user, not root
From: a sun (asun@zoology.washington.edu)
Date: Fri Nov 14 1997 - 17:13:41 EST
>> if the server is using shadow passwords, there's always ~/.passwd and
>> using the 2-way randnum uam.
> Won't this essentially revoke any privileges the user would have under
> normal circumstances? If not, though I believe it will, it would
> constitute a very serious security hole. What would stop a user from
> creating a passwd file that has a root entry with say, no passwd, then
> using that passwd file to authenticate himself as root? Short of
> rewriting getpwnam(), setuid(), setgid() and friends, I don't think it can
> be done.
um, man setuid()/setgid() would be called for here. unless you're
root, you can't change your identity. the only hole you can open up is
allowing others to access your appleshare volume as you.
-a
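An added illustration of the point made in the reply above (not code from netatalk or from anyone in this thread): a process running without privilege takes the uid from a forged passwd-style line and asks the kernel for it, and the kernel refuses. The entry `FORGED_ENTRY` is constructed, `UNPRIV_ID` (65534, "nobody") is an assumption about the host, and the function names are hypothetical.

```c
#define _DEFAULT_SOURCE /* for setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: a forged passwd line (root, empty password field). */
static const char FORGED_ENTRY[] = "root::0:0:forged:/:/bin/sh";
#define UNPRIV_ID 65534 /* assumption: uid/gid of "nobody" on this host */

/* Return the uid (third colon-separated field) of a passwd-format line, or -1. */
long uid_from_entry(const char *line)
{
    const char *p = line;
    char *end;
    for (int i = 0; i < 2; i++, p++)
        if ((p = strchr(p, ':')) == NULL) return -1;
    long v = strtol(p, &end, 10);
    return (end == p || *end != ':') ? -1 : v;
}

/* setuid(target) from an unprivileged child: 0 = allowed, errno = refused, -1 = setup failed. */
int unprivileged_setuid(uid_t target)
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Started as root? Drop to an ordinary user first, as a per-user server would be. */
        if (geteuid() == 0 &&
            (setgroups(0, NULL) || setgid(UNPRIV_ID) || setuid(UNPRIV_ID)))
            _exit(255);
        _exit(setuid(target) == 0 ? 0 : errno);
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 255) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    long uid = uid_from_entry(FORGED_ENTRY);
    int rc = unprivileged_setuid((uid_t)uid);
    printf("forged entry requests uid %ld: %s\n", uid,
           rc == 0 ? "granted" : rc == EPERM ? "refused (EPERM)" : "error");
    return rc == EPERM ? 0 : 1;
}
```

The parsed uid only matters if the process holding it is allowed to act on it; the refusal comes from the kernel, not from the contents of the passwd file.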