Quoth FRIGN:

> Before he gets in, he still has to run a brute-force/dictionary-att. on
> all users. He wouldn't have much time if the admins have done their
> jobs.

Well no. Think about sysadmins who have to allow users to run crappy PHP code on a shared server (so glad I'm not one of those people at the moment). An attacker can execute commands as a web user, probably far easier than brute-forcing an initial login. If they can then just copy a world readable /etc/passwd, they can do all the hash cracking offline. Which isn't possible if there's a /etc/shadow file that's unreadable to a web user.

Unless I'm missing something, that's the value of the shadow system in a modern environment, when coupled with the problem that you can't necessarily trust that all users have very strong passwords. Plus your idea of what constitutes a 'strong' password is probably quite a few years out of date. I read a fun article on Ars Technica about how brute-force cracking is done nowadays; it's pretty smart!

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

> Moreover, with less and less suid-programs in the base, root-exploits
> become more and more unlikely and attacks nowadays are more directed at
> system-services from the outside.

That certainly seems to be true. After all, why get root on PayPal's servers; the money is in any account that can access their database, which (probably at some levels of remove) is just an 'unprivileged' web user.

Nick
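The point Nick makes above, that the shadow scheme only helps if hashes are actually kept out of the world-readable /etc/passwd and /etc/shadow really is unreadable to unprivileged accounts such as the web user, can be checked mechanically. The following audit script is an added example for this thread, not code from the list or from any suckless project. The passwd content it parses is constructed sample data; the file paths and the `SAMPLE_SHADOW_MODE` value are assumptions for the self-contained run.

```python
"""Audit whether password hashes are shadowed and whether /etc/shadow is
protected from unprivileged readers (e.g. the web server account).

Added example for the discussion above; not part of the original post."""
import os
import stat

# Constructed sample /etc/passwd (not from a real host). The "legacy" account
# still carries a real hash in field 2, which any local user could read and
# attack offline; "guest" has an empty field 2, i.e. no password at all.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
legacy:$6$constructedsalt$NOTAREALHASHJUSTSAMPLEDATAabcdefghijklmnopqrstuv:1001:1001::/home/legacy:/bin/sh
guest::1003:1003::/home/guest:/bin/sh
nick:x:1002:1002::/home/nick:/bin/sh
malformed line without fields
"""

# Assumed mode for the sample run: 0640 root:shadow is the usual Debian layout.
SAMPLE_SHADOW_MODE = 0o640

# Field-2 values that mean "hash lives in /etc/shadow" or "account locked".
SHADOW_OR_LOCKED = {"x", "*", "!", "!!", "*NP*", "*LK*"}


def _entries(passwd_text):
    """Yield (username, password_field) for each well-formed passwd line."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:          # skip blank or malformed lines
            continue
        yield fields[0], fields[1]


def unshadowed_accounts(passwd_text):
    """Usernames whose hash is stored directly in passwd (world-readable)."""
    return [user for user, pw in _entries(passwd_text)
            if pw != "" and pw not in SHADOW_OR_LOCKED]


def passwordless_accounts(passwd_text):
    """Usernames with an empty password field (login without a password)."""
    return [user for user, pw in _entries(passwd_text) if pw == ""]


def shadow_mode_ok(mode):
    """True if the shadow file is neither readable nor writable by 'other'
    and not writable by group. Group read (0640, root:shadow) is tolerated."""
    perm = stat.S_IMODE(mode)
    return perm & (stat.S_IROTH | stat.S_IWOTH | stat.S_IWGRP) == 0


def audit(passwd_text, shadow_mode):
    """Combine the checks into one findings dict."""
    return {
        "unshadowed": unshadowed_accounts(passwd_text),
        "passwordless": passwordless_accounts(passwd_text),
        "shadow_mode_ok": shadow_mode_ok(shadow_mode),
    }


if __name__ == "__main__":
    # Sample run on the constructed data.
    print("sample:", audit(SAMPLE_PASSWD, SAMPLE_SHADOW_MODE))
    # Optional live run on the current host; stat() on /etc/shadow needs no
    # read permission, so this works as an ordinary user. Paths are assumed.
    try:
        with open("/etc/passwd") as f:
            live_passwd = f.read()
        live_mode = os.stat("/etc/shadow").st_mode
        print("live:", audit(live_passwd, live_mode))
    except OSError as exc:
        print("live check skipped:", exc)
```

On the sample data the audit reports `legacy` as unshadowed, `guest` as passwordless, and the 0640 shadow mode as acceptable; a 0644 /etc/shadow would fail the mode check, which is exactly the condition under which the web-user scenario in the post lets hashes be copied out for offline attack.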
