Re: [cobalt-users] Cleartext Root Password
- Subject: Re: [cobalt-users] Cleartext Root Password
- From: Kris Dahl <krislists@xxxxxxxxxxxxx>
- Date: Thu May 11 08:18:47 2000
> Btw I do not think just SUing is a safer thing to do - passwords are
> transmitted in clear text, and sniffing them is in no way harder to do -
> su does not provide for security, just for obscurity, which is worth
> exactly nothing. Secure shell (SSH) is the only (closely, because there
> still are the regular shell risks) safe way to permit interactive use.
It's not just about clear-text passwords. It means you have to compromise
two accounts to gain root access. First you need a user account and then
the root account. It's one more thing. And you should really be using SSH
anyway.

But there is indeed no reason why the root PW should be in clear text...
there are a number of ways that file can be illegitimately accessed
(especially if it is 644). This should probably be posted on BugTraq.
-k