undefined | Better HN

0 pointsyjftsjthsd-h7d ago0 comments

> how many binaries are suid binaries while they probably shouldn't be (passwd

I would expect an unprivileged user to be able to change their own password. How else would that work?

0 comments

kam7d ago

Send a message to a socket-activated daemon running as a UID with write access to the password database.

Isn't the issue in this case caused not by suid, but by a daemon running as root reading files from a tmp dir? Seems like a socket-activated daemon wouldn't solve this specific case.

magicalhippo7d ago

> How else would that work?

Windows way is to have a privileged service which the non-privileged user application talks to over sockets or similar.

NekkoDroid7d ago

systemd-homed stores most of the user specific information in the home directory `~/.identity`, but since the file contents have to be signed the changes need to be done though a daemon, which is talked to via IPC (homectl does the talking to systemd-homed).

j / k navigate · click thread line to collapse