VB: become_root remove patches (head)
Andy Bakun
abakun at reac.com
Thu Aug 19 00:46:05 GMT 1999
"Matthias Wächter" wrote:
> On Thu, 19 Aug 1999, Stephen Langasek wrote:
>
> > Also, Unix traditionally requires the user to be able to prove he knows the
> > old password before allowing a password change. Compromising user accounts
> > becomes a lot easier if any process running with the user's permissions can
> > modify the smb password entry.
>
> So ... why not split this part from smbd to a program running suid 0 like
> /bin/passwd? Same problem, same solution, isn't it?
In that line of though, just have the child process communicate with the root
smbd and have it do the password change. The grandfather smbd is always running
as root, right?
More information about the samba-technical
mailing list