Password security (was Re: comp.unix.wizards)

David Elliott dce at smsc.sony.com
Tue Dec 11 02:32:46 AEST 1990


In article <1990Dec8.215719.15358 at IRO.UMontreal.CA>, quennevi at IRO.UMontreal.CA (Charles Quenneville) writes:
|> I would like to implement a password security in a program. For
|> example, I want to put in a public directory a program for just
|> a certain number of users (of different groups). I have thought
|> of using getpass() but if I do so, it would be easy for someone
|> to use `strings' and find the password.

You're confused as to what getpass() does.  It simply prompts the
user for a password and gets what the user types.  Since 'strings'
works on the executable, it's unrelated.  That is, unless you
want to put the actual passwords in the program.

Then again, if you are writing a secure program, it's almost certain
that the program will be setuid or setgid, in which case you can
protect the program from being read by anyone other than that uid
or gid.  (If this isn't the case, you must be protecting an algorithm,
in which case you need to do this anyway, since disassemblers are
fairly easy to come by.)

Still, it's better not to put passwords in a program, since you need
to be able to change them.  So, if you put them in a file that is
readable only by the appropriate uid or gid, you'll be very safe.
You'll be even safer if you don't store the salt with the passwords,
and safer still if you make sure the passwords aren't common words.

|> I know I could crypt the program and then give the key to the
|> people who would want to run the program. That's not what I want
|> to do.

More confusion.  If you encrypt the program, the people who want to run
it have to decrypt it.  Since Unix has no builtin way to exec an
encrypted program directly, they would have to make an executable file
with it.  If the program is setuid or setgid, then the users probably
won't be able to give the program the correct ownerships and modes.

In addition, people tend to be lazy, so what you'll find is that
once the program is decrypted, it will be left around where others
will find it.

|> Plus, could anyone tell me how to extract the fields in the 
|> /etc/passwd file? Either by using the structure in the pwd.h file
|> or simply by using for's and while's.

You don't.  With BSD hashed password files, Yellow Pages, Kerberos, and
other user data storage mechanisms, reading /etc/passwd may not get you
what you expect, so you need to use.  Also, if you are interested in
the password field, it may not even be there, as many systems have
switched over to a shadow password file.

One program that does a pretty good job of doing all this portably is
xlock version 2 (available from your favorite X archive).  It does have
to be run setuid root on systems using the shadow password file,
though.  This bothers me, but with no readily-available alternatives,
it's workable.

-- 
...David Elliott
...dce at smsc.sony.com | ...!{uunet,mips}!sonyusa!dce
...(408)944-4073
..."It's like his pants were confused..." - Lynda Barry



More information about the Comp.unix.questions mailing list