Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!decwrl!decvax!ucbvax!pasteur!ames!ptsfa!ihnp4!alberta!calgary!thompson
From: thompson@calgary.UUCP (Bruce Thompson)
Newsgroups: sci.crypt
Subject: Re: Unix Password Security
Message-ID: <1397@vaxb.calgary.UUCP>
Date: 26 Feb 88 21:20:03 GMT
References: <7271@brl-smoke.ARPA> <5289@well.UUCP>
Distribution: na
Organization: U. of Calgary, Calgary, Ab.
Lines: 35
Summary: Non-world readable password files

In article <5289@well.UUCP>, pokey@well.UUCP (Jef Poskanzer) writes:
> Ok, one fix would be to keep the encrypted passwords in a non-world-readable
> file, while leaving the rest of /etc/passwd readable so that nothing breaks.
> Doing this would mean adding a small hack to the getpwent routines, and
> recompiling login and passwd.  But if you don't have source, this is a
> problem.
>
>   ...
>
> 
> ---
> Jef
> 
>               Jef Poskanzer   jef@lbl-rtsg.arpa   ...well!pokey
>           "Who's going to believe you? You're just a talking head."


    This is similar to the approach taken by Apollo in their systems. I 
honestly don't know if the passwords are stored encrypted or not, as the
account file is unreadable. This relates to Apollo's protected sub-system
techniques. File(s) and/or programs can be declared as 'members' of a
protected sub-system, and only 'member' programs can access 'member' files.
Naturally, control of 'member'ship depends on the ACLs in effect for the
subsystem. (on our system, you must be root) The /etc/passwd file is as 
suggested above, everything except the passwords.

	TTFN,
	Bruce Thompson

------------------------------------------------------------------------------
Bruce Thompson				| Hey! What're you doing there at my
University of Calgary,			| terminal! (Skuffle skuffle)
Computer Science Department		| What is this chicken scratch?
(403)220-3538 or (403)220-5017 (office)	| 
					| ^X-^C
...!alberta!calgary!vaxb!thompson	|