[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT]: possible spyware?



On Wed, Jun 25, 2008 at 04:42:25PM +0200, Dotan Cohen wrote:
> 2008/6/25 Andrei Popescu <andreimpopescu@gmail.com>:
> > Maybe it changed, but there used to be no password for the root
> > account...
> >
> > https://help.ubuntu.com/community/RootSudo
> >
> > no, it hasn't changed.
> 
> Nowhere does that document say that there is no password for root.
> what it does say is this:
> """By default, the root account password is locked in Ubuntu."""
> 
> There is a root password, but the user does not know it.

Typically, in unix-type systems, a "locked" account has no valid
password.

This is easily verified with (as root, of course) a simple `grep root
/etc/shadow`:

- If the field between the first and second colons contains 13
  characters long and begins with two characters from: a-zA-Z0-9./ then
  root has a (known or unknown) password hashed with crypt (and you
  should probably upgrade to MD5 password hashes).

- If this field is $1$ followed by 31 other characters, then root has a
  (known or unknown) password and is using MD5 hashes.

- If this field has any other value (typically starting with * or !,
  although it doesn't need to), then there is no valid password for the
  account because no possible input could ever produce a hash which
  matches that value.

In unix terminology, a "locked" account falls into the third category.
Debian's passwd locks an active account (passwd -l username) by
prepending a ! to the hash, making it unmatchable while also preserving
the ability to unlock it (by removing the !) at a later date, but, e.g.,
Debian's daemon account is also considered "locked" with that field
containing only a * which, again, creates the absence of any possible
valid password.  I expect this to also be true of the root password in a
default Ubuntu install, but do not have an Ubuntu machine available to
verify this.

-- 
News aggregation meets world domination.  Can you see the fnews?
http://seethefnews.com/


Reply to: