On Thu, 24 Aug 2006, Ralf Ertzinger wrote:
Hi.
On Thu, 24 Aug 2006 11:04:26 -0400, Neal Becker wrote:
Hmmm. What is the advantage of this scheme? The first disadvantage that springs to my mind is that any attacker that gains user privileges (browser bug or whatever) can suddenly change the user password.
The advantages are that passwd, etc become sgid instead of suid, and that non-root users can only attack themselves through any passwd flaws....
later, chris