The spasswd program is a wrapper for the normal passwd program to
allow unprivileged users to change their own passwords while preventing
the Unix superuser from arbitrarily changing other users' passwords.
The concept for the spasswd program was derived from the dtpasswd
wrapper described in Section 3.3 of [1] for NAI Labs' Domain and 
Type Enforcement (DTE) prototype.

Ordinarily, we would have just labeled the normal passwd program with
a passwd_exec_t type to cause a transition to a passwd_t domain that
is authorized to write to /etc/passwd and /etc/shadow.  However, the
passwd program ordinarily changes the password for the Unix user
identity, and it allows the Unix superuser to change any user's
password.  We want to ensure that the passwd program can only be used
to change the password for the Flask user identity unless it is being
run from a domain that is authorized to change other users' passwords.

The simplest solution is to provide a wrapper program like spasswd
that can be run by unprivileged users to change their own passwords.
The wrapper program verifies that the Flask user identity matches the
Unix user identity, and it rejects any explicit username argument.  It
then executes the normal passwd program.  The wrapper program is
labeled with the passwd_exec_t type, so it can be used to enter the
passwd_t domain.  The normal passwd program is labeled with the
general bin_t type, and thus cannot be used to enter the passwd_t
domain.  Hence, unprivileged users are forced to change passwords
through the wrapper program, and the wrapper program ensures that they
can only change their own password.  Since the administrator domain
(sysadm_t) can directly modify /etc/passwd and /etc/shadow, an
authorized administrator can directly run the normal passwd program in
order to change other users' passwords.
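
The check the wrapper makes before executing the normal passwd program
can be sketched as follows.  This is an added example, not the spasswd
source: the function name spasswd_check, the decision codes and the
"user:role:type" context layout are assumptions, and obtaining the
caller's security context and Unix user name is left to the caller.

```c
#include <stdio.h>
#include <string.h>

enum decision { ALLOW, DENY_ARGS, DENY_CONTEXT, DENY_MISMATCH };

/*
 * Decide whether the wrapper may go on to exec the normal passwd program.
 *   context   - caller's security context; assumed layout "user:role:type"
 *   unix_user - account name for the caller's real uid
 *   argc      - argument count as received by main()
 */
enum decision spasswd_check(const char *context, const char *unix_user, int argc)
{
    const char *colon;
    size_t ulen;

    /* Any extra argument could name another account, so refuse them all
     * (stricter than rejecting only a username; an assumption here). */
    if (argc != 1)
        return DENY_ARGS;
    if (context == NULL || unix_user == NULL || unix_user[0] == '\0')
        return DENY_CONTEXT;

    /* The Flask user identity is the field before the first ':'. */
    colon = strchr(context, ':');
    if (colon == NULL || colon == context)
        return DENY_CONTEXT;
    ulen = (size_t)(colon - context);

    /* Compare whole names: "bob" must not match a context for "bobby". */
    if (strlen(unix_user) != ulen || strncmp(context, unix_user, ulen) != 0)
        return DENY_MISMATCH;
    return ALLOW;
}

int main(void)
{
    /* Constructed sample inputs, not taken from a real system. */
    printf("%d\n", spasswd_check("alice:user_r:passwd_t", "alice", 1)); /* ALLOW */
    printf("%d\n", spasswd_check("alice:user_r:passwd_t", "root", 1));  /* DENY_MISMATCH */
    printf("%d\n", spasswd_check("alice:user_r:passwd_t", "alice", 2)); /* DENY_ARGS */
    return 0;
}
```

The second call is the case the wrapper exists for: the Unix identity
is root while the Flask user identity is still alice, so the request
is refused.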

[1] K.W. Walker, D.F. Sterne, M.L. Badger, M.J. Petkac, D.L. Sherman
and K.A. Oostendorp. Confining Root Programs with Domain and Type
Enforcement.  In Proceedings of the Sixth Usenix Security Symposium,
1996.
