Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!amdcad!ames!lll-tis!oodis01!uplherc!sp7040!sbc From: sbc@sp7040.UUCP (Stephen Carroll) Newsgroups: comp.bugs.sys5 Subject: Re: SVR3 passwd changes mode of passwd file Summary: definition of broke please! Message-ID: <511@sp7040.UUCP> Date: 28 Sep 88 14:52:47 GMT References: <3394@dunkshot.mips.COM> <5060001@hpsal2.HP.COM> <443@stiatl.UUCP> Organization: Unisys, Salt Lake City, UT Lines: 35 In article <443@stiatl.UUCP>, meo@stiatl.UUCP (Miles O'Neal) writes: ] In article <5060001@hpsal2.HP.COM>, morrell@hpsal2.HP.COM (Michael Morrell) writes: ] > I think you're missing the point. The passwd program should change a user's ] > password and THAT'S ALL. It has absolutely no business changing anything ] > else (especially if it's not documented!). ] ] No, I did not miss the point. I was addressing one of the issues that I ] saw in the article; namely that of his user's responses. With as little ] security as unix(tm) has, it's best to be as secure as possible. The other ] issue, that passwd() (or whatever did it) was broke, I did not address. ] In fact, I agree. Its broke. the passwd program first creates a temp file, ptmp, into which it copies the contents of the current passwd file, but updating the password for the user in question. ptmp is created with umask 0333, or in other words, read only access. after updating the user's passwd, it links passwd to opasswd, unlinks passwd, links temp to passwd, and then unlinks ptmp. now, opasswd should have the permissions which you may have changed it to, while passwd has read-only permission. the reason i am posting this is to throw in my two cents worth, that passwd does not change the permissions on the passwd file, but actually creates a new file. my opinion is that this works correctly, and for security reasons, is the only way it should work. if someone else feels differently, and has no security concerns for their system, they should hack the source and make things work differently. if the only complaint is that they hate typing :w! instead of :wq, then that's just a case of laziness, and should not be posted to the bugs newsgroup. this is just my personal opinion of course, and does not include the views of my company even though they agree with me. BTW: the reason i am so adamant about this subject is that i am currently working on a secure unix implementation, where this protection is absolutely necessary, even though it is a small concern compared to other security holes.