
Re: Isn't it a security hole...



At 05:01 PM 8/14/96 +0200, you wrote:
>
>...the attribute readable for others in case of the file /etc/passwd?
>
>Recently my debian system was cracked by several pirates. They have 
>account name and the password widely broadcasted on an IRC channel. The 
>only way, as I guess, they grabbed root's privileges was free access to 
>/etc/passwd.
>Is there a free and debianized shadow-password package?

Make sure you take good steps to ensure your security - for example, when a
user changes passwords on my network it won't let them change it to a
dictionary word, must have uppercase letters, and at least 1 numeral in it.
(that's the way I installed Debian 1.1 anyway - by default it does this I
think as long as you install a dictionary).

There certainly is a debian shadow password package...  Check the
project/experimental directory - be forewarned though, it's exactly that --
experimental :-)  I however have run it fine and it does seem to work
(though I'm not using it now because I reformatted).

...Karl

--
Karl Ferguson, 
Tower Networking Pty Ltd (ACN: 072 322 760)        karl@tower.net.au
t/a STAR Online Services                           karl@debian.org
Tel: +61-9-455-3446  Fax: +61-9-455-2776           http://www.star.net.au/
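
An added example, not part of the original message: a small audit of passwd(5)-format text that reports accounts whose password field still holds a hash or is empty, which is the exposure the question is about when /etc/passwd is world-readable and shadow passwords are not installed. The sample entries, including the hash-like string, are constructed for illustration.

```python
# Constructed sample in passwd(5) format:
#   name:password:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:ab3kZp1Qw9XyE:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
# comment line
broken:line
"""


def classify(field):
    """Classify the second (password) field of one passwd entry."""
    if field == "x":
        return "shadowed"        # real hash lives in the shadow file
    if field == "":
        return "empty"           # account has no password at all
    # A leading "!" marks a locked password, but a hash may still follow it.
    rest = field.lstrip("!")
    if rest in ("", "*"):
        return "locked"          # no valid hash present, login disabled
    return "hash-exposed"        # hash readable by anyone who can read the file


def audit_passwd(text):
    """Return (line number, account, problem) for every risky or bad entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((lineno, parts[0], "malformed"))
            continue
        status = classify(parts[1])
        if status in ("empty", "hash-exposed"):
            findings.append((lineno, parts[0], status))
    return findings


if __name__ == "__main__":
    for lineno, account, problem in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {account}: {problem}")
```
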


