otpasswd-talk

Re: [Otpasswd-talk] State update problem


From: Tomasz bla Fortuna
Subject: Re: [Otpasswd-talk] State update problem
Date: Sun, 27 Dec 2009 01:44:19 +0100

On Sun, 27 Dec 2009 01:27:00 +0100
Tomasz bla Fortuna <address@hidden> wrote:

> Hi,
>   problem looks like this:
> When I update part of state file (without touching rest of the
> entries) I have to create temporary file, copy there everything+some
> changes, close, sync and: rename it to the correct state file.
> 
> Seems ok, but as state can be in /etc and we aren't SUID root (we just
> have group/user access to single state file) I can't create temporary
> file there. So in case of global db temporary file will have to be
> created in... /tmp?
> 
> I've checked how shadow package (the one with passwd) does it.
> Similar, but it's SUID root so it creates temporary file in /etc.
> 
> Hm. Do I miss something, or have I messed the idea up? 
> 
> Global db is generally implemented, I have to clean up issues like
> this one, ensure permissions are always set correctly etc.
> 
> 
> I cleaned up code a lot also.
> 
In /tmp I'd have to check if file doesn't exist, use random name, hm.
a) Use home of user running utility. Might be safer. Still requires
checking home location etc.

b) Consider following:
Instead of config in /etc/security/otpasswd.conf and db
in /etc/otshadow, we can use directory /etc/otpasswd which would be
owned by SGID group (or SUID user) of utility, keep there 'otpasswd.conf'
and 'shadow'/'db' file and have safe place for temporary file.

-- 
Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu
www: http://bla.thera.be
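
Added example, not part of the original message and not otpasswd's own code: the write-temp, sync, rename update described above, with the temporary file created next to the state file as in option (b). The function name state_replace() and the ".state.XXXXXX" template are hypothetical, and the caller is assumed to have write access to the directory that holds the state file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* state_replace() and the ".state.XXXXXX" template are hypothetical names.
 * Atomically replaces `path` with `len` bytes of `data`; returns 0 or -1.
 * Assumes the caller may write to the directory holding `path`, e.g. a
 * directory owned by the utility's SGID group as in option (b). */
int state_replace(const char *path, const void *data, size_t len, mode_t mode)
{
    char dirbuf[PATH_MAX], tmp[PATH_MAX];
    int fd, dfd, ok;

    if (strlen(path) >= sizeof dirbuf) return -1;
    strcpy(dirbuf, path);
    const char *dir = dirname(dirbuf);  /* may modify its argument, hence the copy */
    if (snprintf(tmp, sizeof tmp, "%s/.state.XXXXXX", dir) >= (int)sizeof tmp)
        return -1;

    /* mkstemp() picks a random name and opens it with O_CREAT|O_EXCL and mode
     * 0600, so an existing file or symlink is never reused. Staying in the
     * target's directory keeps rename() on one filesystem; a temp file in
     * /tmp could sit on another one, where rename() fails with EXDEV. */
    if ((fd = mkstemp(tmp)) < 0) return -1;

    ok = fchmod(fd, mode) == 0 &&                 /* final permissions first */
         write(fd, data, len) == (ssize_t)len &&  /* short write is an error */
         fsync(fd) == 0;                          /* data on disk before rename */
    if (close(fd) != 0) ok = 0;
    if (!ok || rename(tmp, path) != 0) { unlink(tmp); return -1; }

    if ((dfd = open(dir, O_RDONLY)) >= 0) {       /* make the rename durable */
        fsync(dfd);
        close(dfd);
    }
    return 0;
}
```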
