On Oct 11, 2021, at 12:41 PM, Érico Nogueira wrote: > > Things in /etc > can, theoretically, only be written to by root or at least trusted > users, so treating as entirely untrusted seems a bit over the top... My understanding is that tcb exists explicitly to make these files modifiable by non-root users, to make the shadow tools unprivileged. I don't recall if GECOS or group fields are included in tcb, or if it is only the password itself. If the other fields are included, this is a much more important bug than otherwise. Best, -arw -- A. Wilcox (Sent from my iPhone) Mac, iOS, Linux software engineer