Subject: Re: replacement for /etc/passwd
To: Alan Post <>
From: Todd Vierling <>
List: tech-security
Date: 12/10/2002 21:43:35

On Tue, 10 Dec 2002, Alan Post wrote:

: The current behavior *requires* either a daemon or setuid program.

What's the difference between cracking setuid in the current world and, say,
cracking setuid apost and setting *root*'s password in the new world (and,
since you've cracked the privs, adding the calling user to group wheel to do
the su root)?

I'm at a loss as to what this usefully accomplishes in terms of security.

-- Todd Vierling <>