[lug] Possible compromise?

Rob Nagler nagler at bivio.biz
Sun Jan 19 08:29:36 MST 2003

Rob Nagler writes:
> You can "su" without a password.

I booted the machine this morning, and the root password was empty.
Even though shadow passwords are enabled, a blank means anybody can
get in.  You need an "x" in the password to force the shadow lookup.
And, sshd won't allowed you in without a password, but PAM (or
whatever) will let you in with any password when none is required.

The way /etc/passwd got this way is unclear, but probably related to
the way we configure machines with RPMs.  /etc/passwd used to be
checked in until we moved to a new system that checks for existing
accounts and creates them if they aren't there in the %post of the
RPM. (See http://petshop.bivio.biz/src?s=Bivio::Util::LinuxConfig)

I don't think there was a breach, although the machine was wide open
for a few days.


More information about the LUG mailing list