[olug] Scripting

Mark A. Martin mmartin at amath.washington.edu
Sat Nov 18 18:52:08 UTC 2000


One of the points I was trying to make is that all you need is read
access to a copy of the password file or part of the password file
before it is shadowed to access other people's accounts.  Once you have
the crypted version of any number of passwords from the password file,
you can grind away at them with crack in the usual way to get other
people's passwords.  Granted that it's not as fun as having root but it
doesn't hurt to be able to use someone else's account to launch
shenanigans from. Also, if someone has part of the password file, they
could always share it with friends.  I wasn't suggesting that someone
could gain root access.  It doesn't hurt to set the file permissions on
your temporary file, just to make sure that the script won't do
something foolish if the person launching the script has their umask set
improperly.
-- 
---------------------------------------------------------------------------
Mark A. Martin					Dept of Applied Mathematics
http://www.amath.washington.edu/~mmartin	University of Washington
---------------------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net



More information about the OLUG mailing list