henry@utzoo.UUCP (Henry Spencer) (04/17/84)
Implemented an idea that occurred to me a little while ago: a separate
uid (and gid) for the password file. This is better than having it owned
by bin, because it means that compromising bin's security (e.g. by some
hole in a setuid-bin program, of which there are several) (programs, not
holes!) no longer compromises the security of the entire system. The
passwd program's ownership has been changed to match, as has (sigh) the
ownership of /etc, which has to be writeable to the passwd program so
it can create lock files and temporaries there.
--
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,linus,decvax}!utzoo!henry