Re: Weird and insecure su problem: FIXED
On Fri, 15 Nov 2002 18:21:00 +0000, Colin Watson <cjwatson@debian.org>
wrote:
>On Fri, Nov 15, 2002 at 05:44:56PM +0000, Pigeon wrote:
>> On Fri, 15 Nov 2002 01:05:11 +0000, Glyn Kennington
>> <glyn.kennington@hertford.oxford.ac.uk> wrote:
>> >Check that /etc/passwd and /etc/shadow match the descriptions in `man
>> >passwd` and `man shadow` respectively.
>>
>> Hey, thanks for that. It was /etc/shadow: the root password in it was
>> corrupted, though the pigeon password was OK. To fix it, I simply
>> copied /etc/passwd to /etc/shadow. It works now. Cool! Thanks.
>>
>> >But *DON'T* send them here for a second opinion.
>>
>> Interesting. Is this simply to avoid filling the list with junk? Given
>> that people post X / system logs etc. for a second opinion, probably
>> not. Are you assuming that my passwords may not be safe against a
>> brute-force dictionary attack, or has the "one-way" nature of the
>> encryption algorithm been compromised?
>
>Unless you're using MD5 passwords, old Unix crypt() has been broken for
>a long time. In any case it's probably not a good idea to spread
>/etc/shadow around, just in case. :)
Hmm. You wouldn't happen to have a URL for a crypt()-cracker by any
chance? I'd rather like to see what the corrupted password in
/etc/shadow actually was. It might give me some clue as to how it got
there!
Pigeon
Reply to: