Re: etc/passwd file
From: Bill Unruh (unruh@string.physics.ubc.ca) Date: 10/28/02
From: unruh@string.physics.ubc.ca (Bill Unruh) Date: 28 Oct 2002 17:47:07 GMT
david20@alpha1.mdx.ac.uk (David Webb) writes:
]In article <apcro9$pjo$1@spacebar.ucc.usyd.edu.au>, "tina" <comp5019@hotmail.com> writes:
]>why is the /etc/passwd file not hidden
]>to make the system more secure?
]>
]>
]/etc/passwd is world readable because when they developed Unix no one
]thought about the security implications of anyone being able to read
]the encrypted passwords. It really was another world when Unix was being
]developed.
Untrue. It was made open to ensure that the system designers designed
the password storage system so that even if the password database was
known to all, it would still be secure. Password hiding is not a very
effective form of security.
]When they were forced to think about it too many applications depended upon
]other information in /etc/passwd being world readable.
?? They? They designed it that way on purpose.
]Hence the development of the shadow password cludge - leaving all the other
]information in the world readable /etc/passwd file and putting the sensitive
]password information in another more secure file.
Kludge? Well, yes, if you continue to use the crypt(3) passwords then it
is a kludge.
]
]David Webb
]VMS and Unix team leader
]CCSS
]Middlesex University
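
Added example, not part of the original thread: a small audit of the shadow split discussed above, which reports any account whose password field in the world-readable passwd file is something other than the `x` placeholder or a lock marker. The sample lines, hash strings and function names are constructed for illustration.

```python
import re

# Constructed sample in /etc/passwd format (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:ab0123456789.:1001:1001:Alice:/home/alice:/bin/sh
bob:$6$constructedsalt$CONSTRUCTED:1002:1002:Bob:/home/bob:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::1003:1003:Guest:/home/guest:/bin/sh
"""

# Traditional crypt(3) output: 2 salt chars + 11 hash chars, 13 in total.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(field):
    """Describe what the second passwd field holds."""
    if field == "":
        return "empty"                # no password required at all
    if field == "x":
        return "shadowed"             # real hash lives in the shadow file
    body = field.lstrip("!")          # a '!' prefix marks a locked account
    if body in ("", "*"):
        return "locked"
    if body.startswith("$"):
        return "modular-hash"         # $id$salt$hash style entry
    if DES_CRYPT.match(body):
        return "des-crypt"            # traditional crypt(3) hash
    return "unknown"


def audit_passwd(text):
    """Return (line number, user, finding) for entries not shadowed or locked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((lineno, parts[0], "malformed"))
            continue
        kind = classify(parts[1])
        if kind not in ("shadowed", "locked"):
            findings.append((lineno, parts[0], kind))
    return findings


if __name__ == "__main__":
    for lineno, user, kind in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {user}: {kind} in world-readable file")
```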