[Pkg-shadow-devel] hardened-shadow, an alternative hardened implementation

"Paweł Hajdan, Jr." phajdan.jr at gentoo.org
Wed Mar 21 16:01:43 UTC 2012


I'd like to announce my little project I've published recently:
hardened-shadow. It's an alternative implementation of shadow utilities
(login, su, passwd and so on), inspired by Openwall's tcb.

I'm announcing it here to possibly enable collaboration between the two
projects (I tried to maintain command-line-interface compatibility with
shadow-utils, but the remaining code is written independently), and
code/feedback exchange is welcome both ways.

The project site is <http://code.google.com/p/hardened-shadow/>

You might also be interested in discussion on owl-dev,
<http://openwall.com/lists/owl-dev/2012/03/14/1>

How's hardened-shadow different? There are no SUID programs accessible
by an unprivileged user. passwd and chsh are SGID, and su is only
executable by the wheel group. The codebase is smaller, hopefully making it
easier to audit and more fun to work with (the downside of course is
that it's way less tested compared to shadow-utils).

I'm currently looking for people interested in using hardened-shadow, as
well as some form of security audit of this very young codebase.

Your feedback is welcome, let me know what you think!

Paweł Hajdan, Jr.
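
The permission model described in the message (no SUID programs reachable by an unprivileged user, SGID helpers, su limited to one group) can be checked on a system with a short audit. This is an added example, not part of the original post and not hardened-shadow code; the function names, finding labels and default directories are assumptions.

```python
import os
import stat
import sys

def classify(mode):
    """Map a file's st_mode to a finding, or None if it is not privileged."""
    if not stat.S_ISREG(mode):
        return None
    if mode & stat.S_ISUID:
        if mode & stat.S_IXOTH:
            return "suid-world-exec"   # any unprivileged user can run it
        if mode & stat.S_IXGRP:
            return "suid-group-only"   # e.g. restricted to a group such as wheel
        return "suid-owner-only"
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        return "sgid"
    return None

def audit(roots):
    """Walk roots without following symlinks; return (path, kind, uid, gid)."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # vanished or unreadable; skip
                kind = classify(st.st_mode)
                if kind:
                    findings.append((path, kind, st.st_uid, st.st_gid))
    return sorted(findings)

if __name__ == "__main__":
    # Default directories are an assumption; pass others as arguments.
    roots = sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]
    results = audit(roots)
    for path, kind, uid, gid in results:
        print(f"{kind:16} uid={uid} gid={gid} {path}")
    # Non-zero exit if any SUID file is runnable by unprivileged users.
    sys.exit(1 if any(k == "suid-world-exec" for _, k, _, _ in results) else 0)
```
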
