Adam Gleave wrote: > I've searched the archives and (re)read the man page of useradd, but I > can't understand why the -p option exists. To me, I can see no way of > using it safely (securely) as it can display on the process listing. > > Admittedly, there might be some use for it that I haven't thought of - > but in it's current form it seems far to easy to reveal a passwd hash; > the only application I can think of is when no one other than trusted > users have access to the process listing.
you mean...like maybe no one other than a system administrator is logged into the machine? Not every system has non-administrative users getting shell access. Not every system has someone seeing a process listing for a fraction of the right second as the biggest security risk. > Despite that, I think it would be better - although less clean - to have > the pasword passwed on stdin. > > So, my question is: why is it like it currently is? > > Thanks Case where I used this option: initial setup of user accounts on a school's mail server. No one but one teacher and I had shell access on the mail server. To minimize the headaches, all students initially had the same password anyway. Even if someone was watching and saw the hashed password, they learned something difficult to use they could have learned in a much easier way through other means. Yes, giving everyone the same initial PW is "wrong", but I can assure you, AS IT WAS, it took the teacher an ENTIRE CLASS PERIOD to get the students logged in the first time and changing their PWs. This wasn't the most computer savvy group in the world. I can't imagine how long it would have taken if she had to help EACH student, one-by-one, change unique PWs. And you know, if one or two of them figured out that they could get into someone else's e-mail account this way, I'd call that a GOOD thing -- they were thinking, and maybe they understand what the teacher said about "don't trust e-mail, you don't really know who sent something to you". If I helped people distrust a non-authenticated form of communications, great. OpenBSD isn't about disabling things that could possibly be improperly used. Virtually every feature has risk associated with it of SOME kind. Nick.
