[LUAU] all your GPU are belong to us
Eric Hattemer
hattenator at imapmail.org
Sat Oct 27 01:25:39 PDT 2007
Dave Burns wrote:
>> You're assuming that they can't get in and read /etc/shadow.
>>
>
> If they can, then either you've got a broken configuration and they
> will own you in 5 minutes, or they have root already and ordinary
> user-level passwords aren't really stopping them from doing much. I
> suppose this situation deserves some contemplation, but I'd prefer to
> spend a lot more effort preventing them from getting to that point in
> the first place.
>
I agree. I think my post was a little vague, but the idea is that there
used to be vulnerabilities in Windows where you could use a null session
to download the password hash anonymously. I suppose it's possible that
you could find a network vulnerability for any OS that lets you read
files but not execute arbitrary code.  This would make cracking a
password hash like /etc/shadow worthwhile. But I think this situation
is pretty uncommon.
-Eric Hattemer