Re: file handling with fopen() and fclose()



On Wed, 27 Feb 2002 Valdis Kletnieks vt edu wrote:

> On Wed, 27 Feb 2002 06:23:58 EST, Michael Mitton said:
> > Even with PAM you need to be root.  I had this trouble myself and ended up
> > writing a helper script that ran suid as root and passed login info via
> > pipes.  If you are not root, it seems to only auth the user you are
> > running your script as.
>
> Very true - but on the *other* hand - under what conditions do you *want*
> to be able to authenticate as some other user?  That's a big security hole.
>
> 1) Unless you're very careful, the program can then be used as a password
> guesser for another userid.  You can even automate it using XTest or similar.
>
> 2) Since you're still running as yourself, authenticating as somebody else
> doesn't do squat for you - you only have your own access permissions.
> You *could* invoke or contact something else - but *that* something should
> be doing its *own* authentication.  For instance, having your program
> shout down a named pipe "Yeah, it's really the other guy" is broken
> security wise - the program at the other end of the pipe needs to verify
> *for itself* that whatever is at the sending end is who it claims to be.

We were actually using a web script that needed authenticated, and apache
runs as www.  :)

>
>
> --
> 				Valdis Kletnieks
> 				Computer Systems Senior Engineer
> 				Virginia Tech
>
>
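An added example, not part of the original thread: a receiver that checks for itself who is at the sending end, as point 2 of the quoted reply requires, instead of trusting what the message says. It assumes Linux and uses a Unix-domain socket rather than a named pipe, because `SO_PEERCRED` is a socket option; `peer_uid`, `accept_request` and `demo` are hypothetical names.

```c
#define _GNU_SOURCE             /* struct ucred, SO_PEERCRED (Linux-specific) */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective uid of the peer, as recorded by the kernel when the socket
 * was connected. The sender cannot forge it. Returns 0 on success. */
static int peer_uid(int fd, uid_t *uid)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return -1;
    *uid = cred.uid;
    return 0;
}

/* Hypothetical receiver: reads the request, ignores any identity claimed
 * in its text, and accepts only if the kernel says the peer is allowed_uid. */
int accept_request(int fd, uid_t allowed_uid)
{
    char claim[64];
    uid_t actual;
    if (read(fd, claim, sizeof(claim)) <= 0)
        return 0;
    if (peer_uid(fd, &actual) != 0)
        return 0;               /* cannot verify: refuse */
    return actual == allowed_uid;
}

/* Constructed demo: one process holds both ends of a socket pair and sends
 * a message that merely asserts an identity. Returns 1 if accepted. */
int demo(uid_t allowed_uid)
{
    const char *claim = "Yeah, it's really the other guy";  /* constructed */
    int sv[2], ok;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    ok = write(sv[0], claim, strlen(claim)) > 0 && accept_request(sv[1], allowed_uid);
    close(sv[0]);
    close(sv[1]);
    return ok;
}

int main(void)
{
    printf("own uid: %d, other uid: %d\n", demo(geteuid()), demo(geteuid() + 1));
    return 0;
}
```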



