[sf-lug] John the Ripper

Rick Moen rick at linuxmafia.com
Fri Jan 25 14:55:25 PST 2008

Quoting Kristian Erik Hermansen (kristian.hermansen at gmail.com):

> What I meant is that a local user might be able to provoke some uid=0
> process to read from the shadow file in some interesting way.
> They won't get a shell directly, but they can grab the shadow file,
> which is normally unreadable to local non-root users.

True, though I suspect a bug in security-sensitive code grave enough to
permit unsafe operations on the shadow file(s) is rather likely to have
other uses as well.  In either case, saying the problem is ability 
to dictionary-attack a stolen password file, rather than the extremely 
alarming root-escalation bug -- which _is_ what I would call that, shell
or no -- that (hypothetically) makes the theft possible is (IMVAO)
missing the point.

More information about the sf-lug mailing list