Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 May 2000 14:55:08 +0200
From:      Peter van Dijk <petervd@vuurwerk.nl>
To:        security@FreeBSD.ORG
Subject:   Re: envy.vuurwerk.nl daily run output
Message-ID:  <20000510145508.M46065@vuurwerk.nl>
In-Reply-To: <3.0.5.32.20000510055246.009b9100@infidel.boolean.net>; from Kurt@OpenLDAP.org on Wed, May 10, 2000 at 05:52:46AM -0700
References:  <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000509150609.L42267@vuurwerk.nl> <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000510140053.G46065@vuurwerk.nl> <3.0.5.32.20000510055246.009b9100@infidel.boolean.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, May 10, 2000 at 05:52:46AM -0700, Kurt D. Zeilenga wrote:
> At 02:00 PM 5/10/00 +0200, Peter van Dijk wrote:
> >On Tue, May 09, 2000 at 09:55:16PM -0400, Crist J. Clark wrote:
> >> On Tue, May 09, 2000 at 03:06:09PM +0200, Peter van Dijk wrote:
> >> > [snip]
> >> > 
> >> > Backup passwd and group files:
> >> > envy.vuurwerk.nl passwd diffs:
> >> > 3c3
> >> > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> >> > ---
> >> > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> >> > [snip]
> 
> Actually, the use of "password" could mask a change... consider
> 
>  < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
>  ---
>  > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/tcsh
> 
> The admin would likely assume only the shell has changed even
> though password may have changed.

Now _there_ is a good point. We need password1/password2 for security.
Damn.

Greetz, Peter.
-- 
Powered by WUT? - Peter van Dijk [student:sysadmin:developer:madly in love]
| `Yes, this was actually a hack and not     |  (petervd@|www.)vuurwerk.nl
|  a scritp kiddie clicking a mouse button.' |       www.dataloss.net
|               - hackernews.com, commenting on the apache.org deface


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000510145508.M46065>