[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.63.0607171327020.6648@elise.vidarlo.net>
Date: Mon Jul 17 12:29:10 2006
From: vidarlo at vestdata.no (Vidar Løkken)
Subject: Re: Full-Disclosure Digest, Vol 17, Issue 31
On Sun, 16 Jul 2006, Jhou Shalnevarkno wrote:
> I've come to the realisation that plain text can be entered to change
> the root password in Slackware Linux. It doesn't check for the
> original password.. Surely this isn't right, perhaps its my bit of
> confusion but I think that its a minor case of stupidity that even
> though the root user has rwx access to all filesystems, this shouldn't
> be the case with passwords.
Root can always change a password for a user or himself without knowledge
of the old password. It has always been so, in any Linux and BSD I know
of. And it is so by design, since a root console should not be left logged
in anyway. And those who are root, can just edit the files, so what is the
point in asking for the former password? It adds nothing in security...
--
MVH,
Vidar
Anthony's Law of Force:
Don't force it; get a larger hammer.
Powered by blists - more mailing lists