dce@smsc.sony.com (David Elliott) (12/10/90)
In article <1990Dec8.215719.15358@IRO.UMontreal.CA>, quennevi@IRO.UMontreal.CA (Charles Quenneville) writes: |> I would like to implement a password security in a program. For |> example, I want to put in a public directory a program for just |> a certain number of users (of different groups). I have thought |> of using getpass() but if I do so, it would be easy for someone |> to use `strings' and find the password. You're confused as to what getpass() does. It simply prompts the user for a password and gets what the user types. Since 'strings' works on the executable, it's unrelated. That is, unless you want to put the actual passwords in the program. Then again, if you are writing a secure program, it's almost certain that the program will be setuid or setgid, in which case you can protect the program from being read by anyone other than that uid or gid. (If this isn't the case, you must be protecting an algorithm, in which case you need to do this anyway, since disassemblers are fairly easy to come by.) Still, it's better not to put passwords in a program, since you need to be able to change them. So, if you put them in a file that is readable only by the appropriate uid or gid, you'll be very safe. You'll be even safer if you don't store the salt with the passwords, and safer still if you make sure the passwords aren't common words. |> I know I could crypt the program and then give the key to the |> people who would want to run the program. That's not what I want |> to do. More confusion. If you encrypt the program, the people who want to run it have to decrypt it. Since Unix has no builtin way to exec an encrypted program directly, they would have to make an executable file with it. If the program is setuid or setgid, then the users probably won't be able to give the program the correct ownerships and modes. In addition, people tend to be lazy, so what you'll find is that once the program is decrypted, it will be left around where others will find it. |> Plus, could anyone tell me how to extract the fields in the |> /etc/passwd file? Either by using the structure in the pwd.h file |> or simply by using for's and while's. You don't. With BSD hashed password files, Yellow Pages, Kerberos, and other user data storage mechanisms, reading /etc/passwd may not get you what you expect, so you need to use. Also, if you are interested in the password field, it may not even be there, as many systems have switched over to a shadow password file. One program that does a pretty good job of doing all this portably is xlock version 2 (available from your favorite X archive). It does have to be run setuid root on systems using the shadow password file, though. This bothers me, but with no readily-available alternatives, it's workable. -- ...David Elliott ...dce@smsc.sony.com | ...!{uunet,mips}!sonyusa!dce ...(408)944-4073 ..."It's like his pants were confused..." - Lynda Barry
frank@grep.co.uk (Frank Wales) (12/12/90)
In article <1990Dec10.153246.6297@smsc.sony.com> dce@smsc.sony.com (David Elliott) writes: >Then again, if you are writing a secure program, it's almost certain >that the program will be setuid or setgid, in which case you can >protect the program from being read by anyone other than that uid >or gid. Stop anyone at all from reading a binary executable (except the super-user) with chmod -r, and it will still work; readability doesn't matter. -- Frank Wales, Grep Limited, [frank@grep.co.uk<->uunet!grep!frank] Kirkfields Business Centre, Kirk Lane, LEEDS, UK, LS19 7LX. (+44) 532 500303