[CentOS] an actual hacked machine, in a preserved state

Leonard den Ottolander leonard at den.ottolander.nl
Tue Jan 3 10:01:01 UTC 2012


Hello Rudi,

On Tue, 2012-01-03 at 11:14 +0200, Rudi Ahlers wrote:
> How does something like c99shell allow a local user (not root) to read
> the /etc/shadow file?

I do not vouch for every app that is written to break good security
practices. Try
$ ls -l /etc/shadow

If the tool you are using allows normal users access to /etc/shadow it
is using some sort of root privileges, either it's a suid tool (ouch) or
it needs entries in /etc/sudoers (visudo). In either case, I cannot
think of a valid reason to allow normal users access to this file.

http://tldp.org/HOWTO/Shadow-Password-HOWTO.html for more information on
shadow passwords.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research





More information about the CentOS mailing list