Date: Thu, 3 Dec 1998 02:19:07 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Matthew Dillon <dillon@apollo.backplane.com>, Dima Ruban <dima@best.net> Cc: guido@gvr.org, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc master.passwd Message-ID: <19981203021907.A79875@nagual.pp.ru> In-Reply-To: <199812022155.NAA19166@apollo.backplane.com>; from dillon@apollo.backplane.com on Wed, Dec 02, 1998 at 01:55:34PM -0800 References: <199812022135.NAA02023@burka.rdy.com> <199812022155.NAA19166@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 02, 1998 at 01:55:34PM -0800, Matthew Dillon wrote: > I suppose, theoretically, if some hacker were able to create a file or > directories in /, they would be able to break into the account. But anyone > capable of that can probably break root directly. If we were totally About creating nonexisten directories: some hackers prefer to live on machine using some stealing techniques to mimic valid user. It is too easy to mimic valid user under operator just by creating new directory even without touching passwd (which can be detected by daily script). -- Andrey A. Chernov http://www.nagual.pp.ru/~ache/ MTH/SH/HE S-- W-- N+ PEC>+ D A a++ C G>+ QH+(++) 666+>++ Y To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981203021907.A79875>