[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: security problem
|
From: |
Chet Ramey |
|
Subject: |
Re: security problem |
|
Date: |
Tue, 20 Apr 2004 17:15:25 -0400 |
> I may have stumbled across a potentially serious security flaw in
> Bash-2.05b installed with Mandrake9.2. The hidden file .bash_history in
> my home directory displays my su unencrypted password. Not a problem for
> me as I am the only user.
If your history file contains the unencrypted root password, you must
have typed it at a bash prompt at some point (possibly while thinking
you were typing to `su' and not looking -- I've done that).
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet )
Live...Laugh...Love
Chet Ramey, ITS, CWRU chet@po.cwru.edu http://tiswww.tis.cwru.edu/~chet/