Re: Fwd: Password leaks are security holes
On Thu, Aug 28, 2008 at 01:05:19PM +0200, Johan Walles wrote:
> 2008/8/28 Giacomo A. Catenazzi <email@example.com>:
> > auth.log was invented for this reason, and separated to standard log:
> > it should be readable only by root, because users do errors.
> It's readable by anybody with physical access to the hardware.
> Hard disks get stolen all the time , and on publicly accessible
> machines it's often possible to boot in runlevel 1 or from something
> other than the hard disk and access any files you like. That's why
> the passwords in /etc/shadow are all hashed, rather than just being
If you take this argument to its logcal conclusion it affects pretty
much any piece of software. If you accidentally type your password into
a text editor it may save a backup file containing that password, for
example. Type it into an IRC client by mistake and it'll become rather
more public than you might anticipate.
Once you start worrying about people with physical access to the machine
there's a whole bunch of other issues to deal with - things like SSH
private keys are also going to get exposed, for example.
"You grabbed my hand and we fell into it, like a daydream - or a fever."