[sf-lug] John the Ripper

Kristian Erik Hermansen kristian.hermansen at gmail.com
Fri Jan 25 14:43:07 PST 2008

On Jan 25, 2008 2:36 PM, Rick Moen <rick at linuxmafia.com> wrote:
> If you have paths of escalation to root authority for bad guys, you have
> a _lot_ bigger problems than someone's subsequent ability to crack the
> system shadow password file.
> That's sort of like saying someone can steal your belongings after your
> house burns down.  Sure, true, but a bit beside the point.

No, what I meant is that a local user might be able to provoke some
uid=0 process to read from the shadow file in some interesting way.
They won't get a shell directly, but they can grab the shadow file,
which is normally unreadable to local non-root users.  So, having
that, they go away and start cracking it to gain other credentials.
Perhaps this allows them to get root in the end...
Kristian Erik Hermansen
"Know something about everything and everything about something."

More information about the sf-lug mailing list