Re: Upstream first policy

From: Al Viro
Date: Mon Mar 08 2010 - 20:55:33 EST


On Tue, Mar 09, 2010 at 02:51:55AM +0100, Luca Barbieri wrote:
> >> 4. It doesn't matter at all if anyone reads a file that happens to be
> >> at /etc/shadow while not containing shadow passwords (with the same
> >> path, but different content)
> >
> > What the hell are you smoking?
>
> I mean, what is interesting for security of reading is the fact that
> the file contains shadow passwords (and thus is labeled as "secret" or
> with a specific label), not that it is at /etc/shadow.

<sarcasm>
Yeah, especially when it's read by sshd. Who cares, indeed? So it's got
a passwordless root, that's even better, right? Nobody will see your
real root password that way...
</sarcasm>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/