[sf-lug] John the Ripper

Kristian Erik Hermansen kristian.hermansen at gmail.com
Fri Jan 25 14:43:07 PST 2008


On Jan 25, 2008 2:36 PM, Rick Moen <rick at linuxmafia.com> wrote:
> If you have paths of escalation to root authority for bad guys, you have
> a _lot_ bigger problems than someone's subsequent ability to crack the
> system shadow password file.
>
> That's sort of like saying someone can steal your belongings after your
> house burns down.  Sure, true, but a bit beside the point.

No, what I meant is that a local user might be able to provoke some
uid=0 process to read from the shadow file in some interesting way.
They won't get a shell directly, but they can grab the shadow file,
which is normally unreadable to local non-root users.  So, having
that, they go away and start cracking it to gain other credentials.
Perhaps this allows them to get root in the end...
-- 
Kristian Erik Hermansen
"Know something about everything and everything about something."




More information about the sf-lug mailing list