0 points
saagarjha
6y ago
How do you suggest implementing passwd without setuid?
4 comments · 2 top-level
mehrdadn
6y ago
Off the top of my head? Ask a system service that has the privilege to change it for you after authenticating you.
saagarjha
OP
6y ago
Isn’t that exactly what passwd is? A system service that has permission to change the passwords file?
mehrdadn
6y ago
No, the point is that passwd should obtain its privilege by virtue of being started by a privileged process, not by virtue of being marked as a privileged program when it's run by an unprivileged user.
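Added example, not part of the thread and not any commenter's code: the design discussed above, in which an unprivileged client asks a service that was started with privilege to make the change, and the service decides who is asking from kernel-supplied peer credentials on a Unix socket. It assumes Linux (`SO_PEERCRED`); the request format, the in-memory `db` and the `alice` account are constructed for illustration.

```python
import hashlib, hmac, os, socket, struct

def peer_uid(conn):
    # Linux SO_PEERCRED: pid/uid/gid of the peer as recorded by the kernel,
    # so the client cannot claim to be someone else.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)
    return uid

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def handle(conn, db):
    """Serve one request of the form b'user\\0old\\0new' (hypothetical format)."""
    try:
        user, old, new = conn.recv(4096).decode().split("\0")
    except ValueError:  # wrong field count or invalid UTF-8
        conn.sendall(b"ERR malformed")
        return
    entry = db.get(user)
    # Authorization: the kernel-reported caller must own the account.
    if entry is None or peer_uid(conn) != entry["uid"]:
        conn.sendall(b"ERR denied")
        return
    # Authentication: the caller must also know the current password.
    if not hmac.compare_digest(hash_pw(old, entry["salt"]), entry["hash"]):
        conn.sendall(b"ERR denied")
        return
    entry["salt"] = os.urandom(16)
    entry["hash"] = hash_pw(new, entry["salt"])
    conn.sendall(b"OK")

def demo(owner_uid, old="old-pass", request=None):
    """Constructed data: one account 'alice' in an in-memory stand-in for the
    password store, and a socketpair standing in for the service's socket."""
    salt = os.urandom(16)
    db = {"alice": {"uid": owner_uid, "salt": salt,
                    "hash": hash_pw("old-pass", salt)}}
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with client, server:
        client.sendall(request or f"alice\0{old}\0new-pass".encode())
        handle(server, db)
        reply = client.recv(64)
    changed = hmac.compare_digest(
        hash_pw("new-pass", db["alice"]["salt"]), db["alice"]["hash"])
    return reply, changed
```

The client side needs no setuid bit: only the service process, launched by a privileged parent, ever holds write access to the store.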
JdeBP
6y ago
Using the design of the LSASS is one way, as mentioned. Others include OpenWall's tcb, and Daniel Rench's userdirs.
* https://www.openwall.com/tcb/
* https://web.archive.org/web/20030919191907/http://dren.ch:80...