On Wed, Feb 4, 2015 at 4:55 PM, Warren Young <wyml@etr-usa.com> wrote:
> > There have been remotely exploitable vulnerabilities where an arbitrary file could be read
>
> CVEs, please?
>
> I’m aware of vulnerabilities that allow a remote read of arbitrary files that are readable by the exploited process’s user, but for such an exploit to work on /etc/shadow, the process has to be running as root.
>
> Most such vulns are against Apache, PHP, etc, which do not run as root.

Those are common. Combine them with anything called a 'local privilege escalation' vulnerability and you've got a remote root exploit. And people will know how to combine them.

> One of the biggest reasons for the mass exodus from Sendmail to qmail/exim/postfix/etc was to get away from a monolithic program that had to run as root to do its work.

Except that sendmail was fixed. And when the milter interface was added it became even less monolithic.

> > Further, lists of usernames and passwords have market value.
>
> Of course. But that’s a different thing than we were discussing.

Not exactly - it just becomes a question of whether the complexity requirements imposed by the installer are really worth much against the pre-hashed lists that would be used to match up the shadow contents.