[sf-lug] John the Ripper
rick at linuxmafia.com
Fri Jan 25 14:55:25 PST 2008
Quoting Kristian Erik Hermansen (kristian.hermansen at gmail.com):
> What I meant is that a local user might be able to provoke some uid=0
> process to read from the shadow file in some interesting way.
> They won't get a shell directly, but they can grab the shadow file,
> which is normally unreadable to local non-root users.
True, though I suspect a bug in security-sensitive code grave enough to
permit unsafe operations on the shadow file(s) is rather likely to have
other uses as well. In either case, saying the problem is ability
to dictionary-attack a stolen password file, rather than the extremely
alarming root-escalation bug -- which _is_ what I would call that, shell
or no -- that (hypothetically) makes the theft possible is (IMVAO)
missing the point.
More information about the sf-lug