From: Christopher Wong <[EMAIL PROTECTED]>
Date: Wed, 12 Sep 2001 12:09:54 -0400
Let me clarify my assertion. My reasoning is this: if a privileged
daemon adds no functionality nor security to the system, why run it?
That is why I called pwcheck "practically useless".
Once again: access to pwcheck's socket is comparable to read access to
/etc/shadow. Any local user can mount a dictionary attack at full speed
unless the socket's access is restricted. Giving the Cyrus account
access to the pwcheck socket is equivalent to giving the Cyrus account
read access to /etc/shadow. So why use pwcheck at all? It's another
privileged daemon to worry about. The shadow group method gives
equivalent security without needing a daemon.
This isn't true. If you can't detect an _on-line_ dictionary attack
you have a serious problem. This is very different from being able to
read /etc/shadow.
What threat model are you worried about right now? Someone breaking
into the Cyrus account and stopping them from being root? Someone
with a local account attempting to elevate their privs but without
access to the Cyrus account?
And what is the threat model that allows you to not worry about the
use of plaintext passwords over the wire?
Larry
