Package: crack-md5
Version: 5.0a-8
Severity: important
/usr/sbin/Crack is broken in several ways:
- It "does the right thing" with shadow passwords *only* if you run
*exactly* "Crack /etc/passwd", so for example the command line
recommended on Crack's manpage, "Crack -nice 10 /etc/passwd" does
nothing.
- It cds into /usr/share/Crack before running the real Crack, so if
you've generated your own merged passwd/shadow file "fixedpasswd"
(say) because "Crack -nice 10 /etc/passwd" doesn't work, then "Crack
fixedpasswd" won't work because Crack will cd away from the
directory in which "fixedpasswd" exists and then (I think) load
/etc/passwd as some kind of default so Crack-Reporter comments
(disorientingly, since you've fixed them in fixedpasswd) that it's
ignoring all your shadowed passwords.
At least a big note to the effect that ful pathnames are required for
the password files would be useful - in the SYNOPSIS of the manpage for
example. Better would be to extend /usr/sbin/Crack so that it does the
right thing under more circumstances, including the cases documented in
the manpage, and so that it notices when it's been given a relative
pathname to the password file and either complains or fixes it up (for
example by temporarily copying it to /var/run/Crack)...
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages crack-md5 depends on:
ii crack-common 5.0a-8 Password guessing program
ii libc6 2.3.5-8 GNU C Library: Shared libraries an
crack-md5 recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
