[9065] in Athena Bugs
rsaix 7.3S: /etc/security/passwd
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Mon Mar 9 09:46:33 1992
Date: Mon, 9 Mar 92 09:46:10 -0500
From: "Jonathan I. Kamens" <jik@pit-manager.MIT.EDU>
To: lwvanels@mit.edu
Cc: bugs@Athena.MIT.EDU
In-Reply-To: [9060]
   From: lwvanels@Athena.MIT.EDU
   Date: Mon, 9 Mar 92 08:31:46 -0500
   Reply-To: lwvanels@mit.edu

   Unfortunately, /etc/security/passwd is owned by root and mode 600 on stock
   AIX. Unless you can assume that every workstation that will be running
   xscreensaver has had these permissions changed, it may be better to make it
   setuid root.

Might this be considered a bug in AIX?
What good is /etc/security being readable by group security if the
files in /etc/security are not? Yes, I know, some of them are, but I
see no reason to treat passwd differently. Is this different
treatment explicit? Is it justified anywhere in the AIX
documentation?
I am reluctant to make xscreensaver setuid root, although I'll do it
if I have to, I guess (I'll also have to add some code to give up the
setuid bits immediately after reading the password).
jik
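
The approach discussed in the message above (run setuid root only long enough to get at the protected file, then give up privilege), as an added example that is not code from xscreensaver or from this thread. It drops privilege right after the open rather than after the read, so all parsing already runs unprivileged; `drop_privileges` and `open_then_drop` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setuid/setgid privilege.
 * Returns 0 on success, -1 if the drop failed or can be undone. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid drop we may no longer be allowed to. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* If we were elevated, getting the old ids back must now fail. */
    if (old_egid != rgid && setgid(old_egid) == 0)
        return -1;
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Open the file with the privilege we started with, then drop it before
 * any parsing happens. Hypothetical helper name. Returns NULL if the file
 * could not be opened; aborts rather than continue with privilege held. */
FILE *open_then_drop(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (drop_privileges() != 0)
        abort();
    return fp;
}

int main(void)
{
    /* Path taken from the thread; on non-AIX systems the open just fails. */
    FILE *fp = open_then_drop("/etc/security/passwd");
    printf("opened=%s uid=%ld euid=%ld\n", fp ? "yes" : "no",
           (long)getuid(), (long)geteuid());
    if (fp)
        fclose(fp);
    return 0;
}
```

The regain check matters for binaries that are setuid to a non-root account: there `setuid(getuid())` changes only the effective id, the saved id remains, and the function reports failure instead of a false sense of safety.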