| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20090930.013252.219222130.maxigas@anargeek.net> Date: Wed, 30 Sep 2009 01:32:52 +0100 (BST) From: maxigas <maxigas@...rgeek.net> To: bodik@....zcu.cz Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Modifying SSH to Capture Login Credentials from Attackers From: "bodik@....zcu.cz" <bodik@....zcu.cz> Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers Date: Wed, 30 Sep 2009 00:03:51 +0200 >> All standard users have read access to /var/log/auth, so if root > > they shouldn't, at least on my default debian they don't ... On my default Ubuntu, users in "adm" group have reac access to the authentication log file: me@...hine: ls -l /var/log/auth.log -rw-r----- 1 syslog adm 46774 2009-09-30 01:10 /var/log/auth.log -- ×× maxigas // villanypásztor / kiberpunk / web shepherd // -= Important communication disclaimer: by replying to my emails you are disclaiming all your disclaimers. =- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists