Re: Linux and Security

To: grep@oriole.sbay.org
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: Linux and Security
From: Michael Beattie <mickyb@es.co.nz>
Date: Wed, 19 Aug 1998 18:18:38 +1200 (NZST)
Message-id: <[🔎] Pine.LNX.3.96.980819181719.1939A-100000@omnic.rumpus.net>
In-reply-to: <[🔎] Pine.LNX.3.96.980818230334.29072E-100000@calvin.shorelink.com>

On Tue, 18 Aug 1998, George Bonser wrote:

> On Wed, 19 Aug 1998, Michael Beattie wrote:
> 
> > 2) obtain by whatever method, the hashed/encrypted/whatever password from
> > /etc/shadow.
> > 
> 
> Stop right there. Since /etc/shadow is readable only by root, if you can
> access the file, you must be root .... right? If you are root, you do not
> NEED a password to access a user's account. You can just become that user.
> You can also create your own user accounts. You can also change the root
> and user passwords or delete the passwords.
> 
> In other words ... the whole point is to protect root and keep /etc/shadow
> readable only by root. If you can read the shadow file, you don't need it.

Okay, true, but it was more of a feasability question, "if you can get the
string, is it possible to use the following method to decrypt it??"


                       Michael Beattie (mickyb@es.co.nz)

               PGP Key available, reply with "pgpkey" as subject.
 -----------------------------------------------------------------------------
            There is no snooze button on a cat who wants breakfast.
 -----------------------------------------------------------------------------
                Debian GNU/Linux....  Ooohh You are missing out!

Reply to:

Follow-Ups:
- Re: Linux and Security
  - From: George Bonser <grep@shorelink.com>

References:
- Re: Linux and Security
  - From: George Bonser <grep@shorelink.com>

Prev by Date: Re: Linux and Security
Next by Date: Re: Linux and Security
Previous by thread: Re: Linux and Security
Next by thread: Re: Linux and Security
Index(es):
- Date
- Thread