[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /etc/passwd - less security implementation 4 Slackware



As I said before, all things are normally linked to libc in normal
systems. But I do not run normal systems, as they are often embedded and
such. 

There is no law against linking applications 'hard' againsta a library. A
short session with the makefile and a rebuild is all that is needed.

The advantages are two: One, for booting when a /lib is not available,
such as on controllers, where there is only one program in the system,
that is started by the kernel at boot time, or only a few that are really
symbolic links to one program. Two, when for some reason the libs either
change often or tend to be mounted after the system is running. By 'change
often' I mean, when one is recompiling them for testing. You do not want
the key file system and management tools to depend on quicksand...

On Thu, 1 Jan 1998, Alex Shnitman wrote:

> On Wed, 31 Dec 1997, Peter L. Peres wrote:
> 
> > Ok, I use Slackware a lot and it has only shadow and /etc/passwd based
> > security. I want to implement a dbm-based ACL scheme. It should not cover
> > X running on that machine.
> > 
> > The question is, what needs to be changed except crypt, getpwent, etc in
> > libc. I assume that I will recompile all the required servers and
> > utilities, and the libc, and the kernel.
> 
> If only you were running a normal system based on PAM, such as Red Hat,
> you could write a simple PAM module and then make all authenticating
> programs use it without recompiling them or anything else in the system.
> Since you're using Slackware you'll either have to move to PAM anyway (the
> preferred choice if you ask me), or hack libc, in which case I beleive you
> won't have to recompile anything besides it since all the programs, even
> login, are dynamically linked, are they not?
> 
> 
> ---
>   Alex Shnitman ...................... alexsh@linux.org.il
>   PGP key on Web page .......... http://alexsh.home.ml.org
>   Make this your home: .............. http://www.linux.org
> 
> 
>