Full Disclosure mailing list archives
Re: Re: Full-Disclosure Digest, Vol 17, Issue 31
From: Vidar Løkken <vidarlo () vestdata no>
Date: Mon, 17 Jul 2006 13:28:56 +0200 (CEST)
On Sun, 16 Jul 2006, Jhou Shalnevarkno wrote:
I've come to the realisation that plain text can be entered to change the root password in Slackware Linux. It doesn't check for the original password.. Surely this isn't right, perhaps its my bit of confusion but I think that its a minor case of stupidity that even though the root user has rwx access to all filesystems, this shouldn't be the case with passwords.
Root can always change a password for a user or himself without knowledge of the old password. It has always been so, in any Linux and BSD I know of. And it is so by design, since a root console should not be left logged in anyway. And those who are root, can just edit the files, so what is the point in asking for the former password? It adds nothing in security...
--
MVH,
Vidar
Anthony's Law of Force:
Don't force it; get a larger hammer.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Full-Disclosure Digest, Vol 17, Issue 31 Jhou Shalnevarkno (Jul 16)
- Re: Re: Full-Disclosure Digest, Vol 17, Issue 31 Vidar Løkken (Jul 17)
- Re: Re: Full-Disclosure Digest, Vol 17, Issue 31 Eliah Kagan (Jul 27)
- Re: Re: Full-Disclosure Digest, Vol 17, Issue 31 Vidar Løkken (Jul 17)