On Thu, 24 Aug 2006, Ralf Ertzinger wrote:
Hi.
On Thu, 24 Aug 2006 11:04:26 -0400, Neal Becker wrote:
>
http://www.openwall.com/presentations/Owl/mgp00020.html
Hmmm. What is the advantage of this scheme? The first disadvantage
that springs to my mind is that any attacker that gains user privileges
(browser bug or whatever) can suddenly change the user password.
The advantages are that passwd, etc become sgid instead of suid, and that
non-root users can only attack themselves through any passwd flaws....
later,
chris