Combining passwd programs
tavis at mahler.econ.columbia.edu
Thu Jun 18 22:52:46 GMT 1998
A couple of us have been talking about writing a passwd binary that would
basically take the smbpasswd.c program and add a routine to change the
Unix password right after the one that changes the smbpasswd file.
The only trouble is, in order to change the Unix password, as far as I know
the program has to be run setuid root. I remember that smbpasswd was
changed recently so that it didn't have to be run this way (in fact it
couldn't but that's easy enough to comment out of the code). My question
for ye wise ones: Are there any particular security holes created by running
the smb password-changing routine as setuid root that aren't created by
running other programs (e.g., Unix passwd) as setuid root?
Thanks for your help,
More information about the samba-ntdom