Traditional password shadowing

- Password hashes and aging information of all users are stored in a single file
- passwd(1) possesses the privilege to alter all entries in the shadow file
- The traditional filesystem layout forces passwd(1) to be SUID root
- chage(1) possesses the privilege to read all entries in the shadow file
- A passwd process compromise is fatal
- The problem cannot be fixed by assigning a dedicated user for /etc/shadow accesses
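
An added example, not part of the original slide: a small audit that derives, from file ownership and setuid/setgid bits alone, how much of the single shadow file each helper can reach. It also shows why a dedicated owner account changes nothing. The function names, the gid 42 and uid 300 values, the paths in audit() and the sample entries are assumptions constructed for illustration.

```python
import os
import stat
from types import SimpleNamespace as St

# Constructed sample in shadow(5) format; the hashes are placeholders.
SAMPLE_SHADOW = """\
root:$6$constructed$placeholderhash:19000:0:99999:7:::
alice:$6$constructed$placeholderhash:19010:0:90:7:::
daemon:*:18900:0:99999:7:::
"""

def shadow_access(helper, shadow):
    """Access ('rw', 'r', 'w' or '') to the whole shadow file that a helper
    gains purely from its setuid/setgid bits. Both arguments are
    os.stat_result-like objects (st_mode, st_uid, st_gid)."""
    read = write = False
    if helper.st_mode & stat.S_ISUID and helper.st_uid in (0, shadow.st_uid):
        # SUID root is not bound by the mode bits, and a dedicated SUID
        # owner can chmod its own file: every entry is reachable either way.
        read = write = True
    if helper.st_mode & stat.S_ISGID and helper.st_gid == shadow.st_gid:
        read |= bool(shadow.st_mode & stat.S_IRGRP)
        write |= bool(shadow.st_mode & stat.S_IWGRP)
    return ("r" if read else "") + ("w" if write else "")

def accounts(shadow_text):
    """Account names that share the single file."""
    return [l.split(":", 1)[0] for l in shadow_text.splitlines() if ":" in l]

def audit(shadow_path="/etc/shadow",
          helpers=("/usr/bin/passwd", "/usr/bin/chage")):
    """Same check against a live system (paths are assumed defaults)."""
    shadow = os.stat(shadow_path)
    return {h: shadow_access(os.stat(h), shadow)
            for h in helpers if os.path.exists(h)}

if __name__ == "__main__":
    # Constructed layouts: root-owned file with a reader group (gid 42),
    # and the "dedicated user" variant (uid 300).
    shadow = St(st_mode=0o100640, st_uid=0, st_gid=42)
    cases = {
        "passwd, SUID root": (St(st_mode=0o104755, st_uid=0, st_gid=0), shadow),
        "chage, SGID reader group": (St(st_mode=0o102755, st_uid=0, st_gid=42), shadow),
        "passwd, SUID dedicated user": (St(st_mode=0o104755, st_uid=300, st_gid=0),
                                        St(st_mode=0o100600, st_uid=300, st_gid=300)),
    }
    n = len(accounts(SAMPLE_SHADOW))
    for name, (helper, sh) in cases.items():
        print(f"{name}: {shadow_access(helper, sh) or 'none'} on all {n} entries")
```

Calling audit() on a live system needs no privileges, since it only uses stat(2) on the files.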