How secure is UNIX? (Re: Stupid man pages)
Andy DeFaria
defaria at hpclapd.HP.COM
Tue Jun 12 06:11:41 AEST 1990
>/ hpclapd:comp.unix.questions / jik at athena.mit.edu (Jonathan I. Kamens) / 1:30 am Jun 10, 1990 /
> Oh, jolly good. So now you're proposing to take all the passwords
>(or, at least, encrypted passwords) and put them in an /etc/shadow
>file, but other than the fact that the file isn't world-readable, the
>rest of the scenario I described is correct, right?
If you can't get the password because you can't read it then you scenario
fails.
> In that case, you're basing the entire security of your system on
>the readability or non-readability of one file. Do you know how many
>ways there are in Unix to read a file you're not supposed to be able
>to read? Or to read portions of that file?
I don't know how many ways there are in Unix to read a file you're not
supposed to be able to read but if there are any then they are holes in the
files system itself.
More information about the Comp.unix.questions
mailing list