Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Modifying SSH to Capture Login Credentials from Attackers

From: dramacrat <yirimyah () gmail com>
Date: Wed, 30 Sep 2009 16:50:12 +1000
yes yes, the local root shouldn't know the passwords of the users just like
the users shouldn't reuse passwords.

But we're meant to be dealing with the real world, right?

2009/9/30 <jfch () jagda eu>


All standard users have read access to /var/log/auth, so if root


they shouldn't, at least on my default debian they don't ...

b



Even the (local) root shouldn't know the passwords of the users. They
often uses it on other systems....

JFCh




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: