Re: Linux and Security

To: Michael Beattie <mickyb@es.co.nz>
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: Linux and Security
From: George Bonser <grep@shorelink.com>
Date: Tue, 18 Aug 1998 23:06:20 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.980818230334.29072E-100000@calvin.shorelink.com>
Reply-to: grep@oriole.sbay.org
In-reply-to: <[🔎] Pine.LNX.3.96.980819171432.1553A-100000@omnic.rumpus.net>

On Wed, 19 Aug 1998, Michael Beattie wrote:

> 2) obtain by whatever method, the hashed/encrypted/whatever password from
> /etc/shadow.
> 

Stop right there. Since /etc/shadow is readable only by root, if you can
access the file, you must be root .... right? If you are root, you do not
NEED a password to access a user's account. You can just become that user.
You can also create your own user accounts. You can also change the root
and user passwords or delete the passwords.

In other words ... the whole point is to protect root and keep /etc/shadow
readable only by root. If you can read the shadow file, you don't need it.

George Bonser

The Linux "We're never going out of business" sale at an FTP site near you!

Reply to:

Follow-Ups:
- Re: Linux and Security
  - From: Michael Beattie <mickyb@es.co.nz>

References:
- Re: Linux and Security
  - From: Michael Beattie <mickyb@es.co.nz>

Prev by Date: Re: Apt how, why, where
Next by Date: Re: Linux and Security
Previous by thread: Re: Linux and Security
Next by thread: Re: Linux and Security
Index(es):
- Date
- Thread