Re: non-root password lookups?
J. S. Connell wrote:
> This is one of the reasons I've never bothered with shadow passwords on
> Linux - everything must either be suid root or sgid shadow, and that's a
> lot of power to give to $some_random_program.

Er, making something sgid shadow gives it the power to read /etc/shadow, and
no other power at all.

> I just make sure I use 'unguessable' passwords, and I don't have lusers on
> my boxes.

All passwords are brute-forceable. If distributed.net were out to crack Unix
passwords, it could probably do one per hour.

--
see shy jo