Xref: utzoo comp.unix.questions:9584 comp.bugs.sys5:604
Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!rutgers!mailrus!wasatch!utah-gr!uplherc!sp7040!sbc
From: sbc@sp7040.UUCP (Stephen Carroll)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SVR3 passwd changes mode of passwd file
Summary: well, you are right
Message-ID: <515@sp7040.UUCP>
Date: 3 Oct 88 16:33:59 GMT
References: <3394@dunkshot.mips.COM> <344@stiatl.UUCP> <4827@cbmvax.UUCP> <384@levels.sait.edu.au>
Organization: Unisys, Salt Lake City, UT
Lines: 29

In article <384@levels.sait.edu.au>, ccdn@levels.sait.edu.au (DAVID NEWALL) writes:
] In article <4827@cbmvax.UUCP>, ditto@cbmvax.UUCP (Michael "Ford" Ditto) writes:
] > The complaint here is not about security or lack thereof, it's about
] > programs undoing the system administrator's actions.
] >
] > Where should this "enforced security" end?  Should /bin/passwd also
] > chmod / to 555 mode as well?  And what about /etc/?  Should "ls"
] > remove world write permission from /dev/mem if it happens to discover
] > it?
]
] I haven't got the sources, so I don't know for sure...  I imagine passwd
] writes a _brand new_ copy of /etc/passwd.  So it's not a case of passwd
] "happening to discover" that the mode isn't 444.  On the contrary, it's a
] case of passwd not noticing that the mode is other than 444.

According to the sources, David is correct. Passwd creates a copy of
/etc/passwd as /etc/ptmp, and makes the changes for the new passwd there.
After the passwd has been changed and verified, passwd links /etc/passwd
to /etc/opasswd, and then unlinks /etc/passwd. It then links /etc/ptmp to
/etc/passwd and unlinks /etc/ptmp. It does all this with umask set to
0333, thereby ensuring a new file with mode 444.

So it's not really a case of not noticing that the old mode had been
changed, but really a case of not caring. If security is really a concern
at all, this is the only way (besides setting umask to 0777 1/2 :-) which
this should work.

] -------------------------------------------------------------------------
] David Newall                              Phone:  +61 8 343 3160
] South Australian Institute of Technology  Fax:    +61 8 349 6939
] The Levels, South Australia, 5095         E-mail: ccdn@pisa.sait.oz.AU
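
The replacement sequence described in the post above, replayed in a scratch directory as an added example (it is not the SVR3 passwd source and not part of the original post). The scratch path, the file contents and the names `replay`, `put` and `mode_of` are constructed for illustration; the run shows the new file coming out mode 444 whatever mode the administrator had set, while opasswd keeps the old inode and therefore the old mode.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a new file (fails if it exists) and write text; mode is 0666 minus umask. */
static int put(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    return (close(fd) == 0 && n == (ssize_t)strlen(text)) ? 0 : -1;
}

static int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Replay the sequence in a scratch directory (path is an assumption of this
   example). admin_mode is the mode the administrator had given "passwd".
   Returns the mode of the new "passwd", stores the mode of "opasswd" in
   *old_mode; both are -1 on error. */
int replay(mode_t admin_mode, int *old_mode) {
    char dir[64], pw[96], opw[96], tmp[96];
    snprintf(dir, sizeof dir, "/tmp/ptmp-demo-%ld", (long)getpid());
    snprintf(pw, sizeof pw, "%s/passwd", dir);
    snprintf(opw, sizeof opw, "%s/opasswd", dir);
    snprintf(tmp, sizeof tmp, "%s/ptmp", dir);
    if (mkdir(dir, 0700) != 0) return -1;

    mode_t saved = umask(0);
    int ok = put(pw, "user:OLDHASH:100:100::/:/bin/sh\n") == 0  /* constructed entry */
          && chmod(pw, admin_mode) == 0;
    umask(0333);                        /* as in the post: new files get mode 0444 */
    ok = ok && put(tmp, "user:NEWHASH:100:100::/:/bin/sh\n") == 0  /* edited copy */
            && link(pw, opw) == 0       /* passwd -> opasswd (same inode, old mode) */
            && unlink(pw) == 0
            && link(tmp, pw) == 0       /* ptmp -> passwd (new inode, mode 0444) */
            && unlink(tmp) == 0;
    umask(saved);

    int new_mode = ok ? mode_of(pw) : -1;
    *old_mode = ok ? mode_of(opw) : -1;
    unlink(pw); unlink(opw); unlink(tmp); rmdir(dir);  /* remove scratch files */
    return new_mode;
}
```

Because the new passwd is a different inode created under the 0333 umask, any mode (or ownership) change made to the old file stays behind on opasswd rather than carrying over.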