root on ports

Simon Perreault nomis80 at videotron.ca
Thu Feb 15 14:25:53 PST 2001


On Thursday 15 February 2001 16:06, Fabio Fracassi wrote:
> but anyone with read access to the profile can still take the encrypted
> password to get root access! Or not?

That is correct. If you keep the profile with the password, but put "rm -rf 
/" instead of everything else, you just killed the whole system.

Maybe the password would need to be asked by the frontend to the user before 
starting, and then kept somewhere safe? Of course, if the building is killed, 
fails, is terminated, or simply ends, there should be no way of finding that 
password.

-- 
Simon Perreault -- Public key: http://nomis80.dyn.dhs.org/nomis80.gpg
I know Linux. I need a job. Do I fit your needs? Email me!





More information about the alfs-discuss mailing list