Owl: tcb: Required privileges passwd(1) is made SGID shadow chage(1) is SGID shadow A possible compromise would only let one bypass password policy enforcement for their own account Group auth may be used to grant a process read access to all password hashes should the need arise No real need for any SUID binaries on the entire system