Red Hat Bugzilla – Bug 2451
pwdb_chkpwd should not be setuid root
Last modified: 2008-05-01 11:37:50 EDT
pwdb_chkpwd doesn't need to be setuid root as far as I can
see. setgid `shadow' should be sufficient, just like
utempter is only setgid `utmp'.
Good point, I agree completely :-)
Not all sites implement setgid shadow scheme.