|
Full Disclosure
mailing list archives
Re: Modifying SSH to Capture Login Credentials from Attackers
From: dramacrat <yirimyah () gmail com>
Date: Wed, 30 Sep 2009 16:50:12 +1000
yes yes, the local root shouldn't know the passwords of the users just like
the users shouldn't reuse passwords.
But we're meant to be dealing with the real world, right?
2009/9/30 <jfch () jagda eu>
All standard users have read access to /var/log/auth, so if root
they shouldn't, at least on my default debian they don't ...
b
Even the (local) root shouldn't know the passwords of the users. They
often uses it on other systems....
JFCh
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Modifying SSH to Capture Login Credentials from Attackers Fernando A. Lagos B. (Sep 30)
| 
