On Wed, Feb 4, 2015 at 4:55 PM, Warren Young <[email protected]> wrote:
>>>
>> There have been remotely exploitable vulnerabilities where an arbitrary file
>> could be read
>
> CVEs, please?
>
> I’m aware of vulnerabilities that allow a remote read of arbitrary files that
> are readable by the exploited process’s user, but for such an exploit to work
> on /etc/shadow, the process has to be running as root.
>
> Most such vulns are against Apache, PHP, etc, which do not run as root.
Those are common. Combine them with anything called a 'local
privilege escalation' vulnerability and you've got a remote root
exploit. And people will know how to combine them.
> One of the biggest reasons for the mass exodus from Sendmail to
> qmail/exim/postfix/etc was to get away from a monolithic program that had to
> run as root to do its work.
Except that sendmail was fixed. And when the milter interface was
added it became even less monolithic.
>> Further, lists of usernames and passwords have market value.
>
> Of course. But that’s a different thing than we were discussing.
Not exactly - it just becomes a question of whether the complexity
requirements imposed by the installer are really worth much against
the pre-hashed lists that would be used to match up the shadow
contents.
--
Les Mikesell
[email protected]
_______________________________________________
CentOS mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos
