[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Weird and insecure su problem: FIXED

On Fri, Nov 15, 2002 at 05:44:56PM +0000, Pigeon wrote:
> On Fri, 15 Nov 2002 01:05:11 +0000, Glyn Kennington
> <glyn.kennington@hertford.oxford.ac.uk> wrote:
> >Check that /etc/passwd and /etc/shadow match the descriptions in `man
> >passwd` and `man shadow` respectively. 
> 
> Hey, thanks for that. It was /etc/shadow: the root password in it was
> corrupted, though the pigeon password was OK. To fix it, I simply
> copied /etc/passwd to /etc/shadow. It works now. Cool! Thanks.
> 
> >But *DON'T* send them here for a second opinion.  
> 
> Interesting. Is this simply to avoid filling the list with junk? Given
> that people post X / system logs etc. for a second opinion, probably
> not. Are you assuming that my passwords may not be safe against a
> brute-force dictionary attack, or has the "one-way" nature of the
> encryption algorithm been compromised?

Unless you're using MD5 passwords, old Unix crypt() has been broken for
a long time. In any case it's probably not a good idea to spread
/etc/shadow around, just in case. :)

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: