[Hcoop-discuss] Web passwords
Adam Chlipala
adamc at hcoop.net
Sun Oct 16 11:21:02 EDT 2005
Michael Potter wrote:
> The package libapache2-mod-auth-pam would continue to work even if the
> authentication scheme changed to LDAP in the future. The main
> downside is the www-data user would have to be added to the shadow
> group, so anyone with access to run scripts could read the encrypted
> passwords.
Actually, I hope that we aren't giving anyone access to run scripts as
www-data. You shouldn't be able to run any general programs as any user
that you haven't explicitly requested permission to run as. In general,
if anyone finds a way to do this, even if it seems benign, then I'd like
to hear about it. :-)
Given that, does libapache2-mod-auth-pam sound like a safe choice to
everyone? The only problem I can think of is users serving /etc/shadow
as a static page, and I _believe_ that domtool's directory access
permissions (via .paths files), combined with Apache's configuration not
to follow symlinks, have been preventing this all along.
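An added audit script (not from the thread, written here to illustrate the two conditions discussed above): it checks whether a web-server account such as www-data sits in the shadow group, and walks a document root for symlinks that resolve outside it, which is exactly what a FollowSymLinks configuration would serve. The document-root path and the user name are parameters; `readlink -f` and `id -nG` are assumed available.

```sh
#!/bin/sh
# Added example, not part of the original mailing-list post.

# Report symlinks under a document root whose final target lies outside it.
# Prints "link -> target" per offender; returns 1 if any were found, 0 if clean.
escaping_symlinks() {
    docroot=$(readlink -f "$1") || return 2
    found=0
    # Heredoc keeps the loop in the current shell so $found survives.
    while IFS= read -r link; do
        [ -n "$link" ] || continue
        target=$(readlink -f "$link" 2>/dev/null) || target="(dangling)"
        case "$target" in
            "$docroot"/*) ;;                      # resolves inside docroot: fine
            *) echo "$link -> $target"; found=1 ;; # escapes docroot: report it
        esac
    done <<EOF
$(find "$docroot" -type l)
EOF
    return $found
}

# True (exit 0) when the given account is a member of the shadow group,
# the concession mod_auth_pam needs and the reason the symlink audit matters.
user_in_shadow_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx shadow
}

# Demo on a constructed tree: one harmless in-root link, one pointing at
# /etc/shadow (the target need not exist for the path check to fire).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/www/user1"
    echo "hello" > "$tmp/www/user1/index.html"
    ln -s "$tmp/www/user1/index.html" "$tmp/www/user1/ok.html"
    ln -s /etc/shadow "$tmp/www/user1/shadow.txt"
    escaping_symlinks "$tmp/www"
    rc=$?
    rm -rf "$tmp"
    return $rc   # 1: the shadow.txt link was flagged
}
```

Run `escaping_symlinks /var/www` (or whatever domtool's document roots are) as a periodic check; a non-zero exit plus `user_in_shadow_group www-data` succeeding is the combination the message warns about.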