[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT]: possible spyware?

On Wednesday 25 June 2008 07:42:25 am Dotan Cohen wrote:
> 2008/6/25 Andrei Popescu <andreimpopescu@gmail.com>:
> > Maybe it changed, but there used to be no password for the root
> > account...
> >
> > https://help.ubuntu.com/community/RootSudo
> >
> > no, it hasn't changed.
>
> Nowhere does that document say that there is no password for root.
> what it does say is this:
> """By default, the root account password is locked in Ubuntu."""
>
> There is a root password, but the user does not know it.
>

There is not a root password. There is a hash for the root password, but this 
hash matches no possible value, meaning that there is no password (the 
password, in order to exist as such, would have to validate against the hash 
stored in /etc/shadow).

What Ubuntu does is nothing special: you can see for yourself by creating a 
dummy account and locking its password:
 # passwd -l dummy-account
Now, look at /etc/shadow. You will see a "!" character in the password hash 
field. All it does is set the password hash to an exclamation point. Since 
this is not a valid hash, no possible string will ever unlock this account 
through any login manager that uses said hash. 

-- 
Lee Glidewell           | PGP key: D5D686A7
lee.glidewell@gmail.com |
Reply to: