-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sat, 1 Jul 2000, Thor wrote: > huh ? and you call this an xploit ? > > if you have physical access to the console and floppy drive you can always > start with a boot + root floppy, mount the hard disk and modify the > mounted /etc/passwd file ... this is an old trick, usefull when you > loose the root password ;-) Yes, that's correct, but there's a huge difference in an exploit that needs a reboot (boot+root floppy) to work or one that works without putting off any simple monitoring tools. A vi'd passwordfile isn't checked for every other minute... a reboot doesn't go around unnoticed... Mark Janssen Unix Consultant Unix Support Nederland / PSInet Netherlands E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 http: markjanssen.homeip.net www.markjanssen.nl www.maniac.nl Fax/VoiceMail: +31 20 8757555 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org Filter: gpg4pine 4.0 (http://azzie.robotics.net) iD8DBQE5XbkWb6urvDV9IXgRAiMEAJ9tsNTHh/brv5jO1mbMmdiU2ndtyQCfYSEX OGZaPO7airhlgetmJ/gqGHk= =OBIz -----END PGP SIGNATURE-----
