17 Dec 2003, 11:17 p.m.
The server process itself still needs access to that file, though, in order to verify passwords, so it can't be totally protected -- a bug in the server might reveal the password file. A relatively minor point.
Actually, it could communicate with a differently-privileged process. The security gain probably isn't worth the performance hit, though. (A possible secure channel: Give the password manager a uid of its own. Have it listen on a Unix-domain socket. The server process opens the socket, then fstat()s it to make sure it's really owned by the password manager.) -- Shields.
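A Linux-specific variant of the check sketched in the comment above, as an added example that is not part of the original thread: the server verifies the socket file's owner with lstat() and then asks the kernel for the listening process's uid with SO_PEERCRED, which is swapped in here for the fstat() call. The function name `connect_verified` and the local `peer_cred` struct are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Same layout as Linux's struct ucred; declared locally so the example
 * does not depend on feature-test macros being set before the includes. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Connect to the password manager's socket at `path` and return the fd only
 * if the socket file and the listening process both belong to expected_uid.
 * Returns -1 on any failure. */
int connect_verified(const char *path, uid_t expected_uid)
{
    struct stat st;
    struct sockaddr_un addr;
    struct peer_cred cred;
    socklen_t len = sizeof cred;
    int fd;

    if (strlen(path) >= sizeof addr.sun_path)
        return -1;
    /* lstat: refuse symlinks and anything that is not a socket. */
    if (lstat(path, &st) != 0 || !S_ISSOCK(st.st_mode) ||
        st.st_uid != expected_uid)
        return -1;

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    if (connect(fd, (struct sockaddr *)&addr, sizeof addr) != 0)
        goto fail;

    /* The path could be replaced between lstat() and connect(), so also
     * ask the kernel which uid called listen() on the other end. */
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 ||
        len != sizeof cred || cred.uid != expected_uid)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}
```

The directory holding the socket should be writable only by the password manager's uid, so that no other user can remove or replace the socket file.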