[sf-lug] John the Ripper

Rick Moen rick at linuxmafia.com
Fri Jan 25 14:36:53 PST 2008


Quoting Kristian Erik Hermansen (kristian.hermansen at gmail.com):

> You should learn about unshadow :-)  There are still many ways to
> obtain the shadow file even if you are not root (think kernel leaks,
> file race conditions, setuid hijacking)!

If you have paths of escalation to root authority for bad guys, you have
a _lot_ bigger problems than someone's subsequent ability to crack the
system shadow password file.

That's sort of like saying someone can steal your belongings after your
house burns down.  Sure, true, but a bit beside the point.





More information about the sf-lug mailing list