On Fri, 21 Apr 2006, Simon Wong wrote:
* They have to open a file only readable by root and report back
the contents plus the root password plus the method of attack
Getting the root password itself is quite separate from getting root
access (unless you've not cleaned up after that ubuntu bug which leaves it
cleartext). Unless someone is regularly keying in the root password and
they're capturing that somehow, then they'll need to break they crypt to
get it... (right?). Which seems a little unfair.
Cheers,
- Simon
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
