dagmar at dsurreal.org
Fri Feb 9 10:37:01 PST 2001
On Wed, 7 Feb 2001, Rick Moen wrote:
> begin Marc MERLIN quotation:
> > John does not split the password file and ship it to 20 different machines
> > for processing by common salts (at least not last time I checked)
> Quite. For that, you'll want one of mio-star, saltine-cracker, or
> slurpie -- likewise mentioned in my article (cited previously). Which
> nobody seems to be bothering to check before posting, I notice. Ah well.
> > Daemons that crash can have a copy of the shadow file in their core file,
> > but that's only an example.
> If that is permitted, and the core file is readable by anyone but root,
> then that is a major design bug, and I assume it would be of great
> interest to Bugtraq. Can you cite any actual instances of this?
I used to snap up shadow files all the time this way, man. Especially on
HPUX systems. Wu-ftp was also quite fond of core-dumping and leaving the
core file lying around in a place you specify. Stuff like this is why the
majority of systems have core files truncated to 0 bytes by default now.
Bugtraq not only knows about this, they'd consider it a very dead issue
for that reason.
> > shadow is only security by obscurity, nothing more...
> You have my interest: Please cite a real-world example.
> > If you had the chance to setup a valid password validator before the users
> > showed up, you're fine, but in real life, you often have to check existing
> > passwords.
> Thus cracklib.
> Cheers, Before enlightenment, caffeine.
> Rick Moen After enlightenment, caffeine.
> rick at linuxmafia.com
> svlug mailing list
> svlug at lists.svlug.org
More information about the svlug