[sf-lug] John the Ripper
Kristian Erik Hermansen
kristian.hermansen at gmail.com
Fri Jan 25 14:43:07 PST 2008
On Jan 25, 2008 2:36 PM, Rick Moen <rick at linuxmafia.com> wrote:
> If you have paths of escalation to root authority for bad guys, you have
> a _lot_ bigger problems than someone's subsequent ability to crack the
> system shadow password file.
>
> That's sort of like saying someone can steal your belongings after your
> house burns down. Sure, true, but a bit beside the point.
No, what I meant is that a local user might be able to provoke some
uid=0 process to read from the shadow file in some interesting way.
They won't get a shell directly, but they can grab the shadow file,
which is normally unreadable to local non-root users. So, having
that, they go away and start cracking it to gain other credentials.
Perhaps this allows them to get root in the end...
--
Kristian Erik Hermansen
"Know something about everything and everything about something."
More information about the sf-lug
mailing list