[100869] in RedHat Linux List
Re: Hacked! :(
daemon@ATHENA.MIT.EDU (Bill Carlson)
Mon Nov 23 15:43:03 1998
Date: Mon, 23 Nov 1998 14:42:05 -0600 (EST)
From: Bill Carlson <wcarlson@kinzemfg.com>
To: redhat-list@redhat.com
In-Reply-To: <19981123111154.D11502@klondike.ml.org>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
On Mon, 23 Nov 1998 bsc@klondike.ml.org wrote:
> On Mon, Nov 23, 1998 at 01:54:10PM -0500, Jan Carlson wrote:
> > A hole that gives you access to shadow without giving you root access
> > first would be doing things the hard way - has anybody heard of one?
>
> Older versions of Xfree, if abused, could read portions of any file on
> the fs. Before I upgraded to the _more_ secure version of X, I attempted to
> read /etc/shadow. Voila, there it was.
>
> Blair.
Actually, Blair, you just brought up an alternate to the rootkit for the
cracker and an even better reason to change ALL passwords. Once the cracker
has exploited some bug to get root, he can grab the shadow passwords and
Crack at his leisure. And install his rootkit for good measure.
Gah, is nothing safe? (I know the answer to that)
Bill Carlson | Opinions expressed are my own
KINZE Manufacturing, Inc. | not my employer's.