Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] A Sys Admin's worst nightmare


On Fri, 21 Apr 2006, Simon Wong wrote:

     * They have to open a file only readable by root and report back
       the contents plus the root password plus the method of attack

Getting the root password itself is quite separate from getting root access (unless you've not cleaned up after that ubuntu bug which leaves it cleartext). Unless someone is regularly keying in the root password and they're capturing that somehow, then they'll need to break they crypt to get it... (right?). Which seems a little unfair.

Cheers,

 - Simon