[Gllug] LILO Passwords - was Re: [Gllug] Random password generation
John Edwards
john_ed at cornerstonelinux.co.uk
Tue Sep 11 22:06:10 UTC 2001
On Tue, Sep 11, 2001 at 10:39:35PM +0100, Gordon Joly wrote:
> >And of course you make sure you have a different password for lilo
> >than you have for root, its amazing how many people who seem to be
> >fairly competent believe that its perfectly fine to go round
> >sticking the root password unencrypted in world readable files.
>
> That is stoopid. Not the fault of the superuser, but of the system
> (OS) designer.
>
> There again, /etc/passwd used to have passwords (encrypted).
>
> Gordo
Thinking on this - if lilo doesn't encrypt the password could someone
read it in from the Master Boot Record ?
I suppose the alternative would be that lilo holds an encrypted password
in the master boot record. But as lilo can not read file systems it would
have to the code for the passwd and crypt functions in with it, and I don't
think it would have the space.
Maybe grub can do this, but I can't see antthing about password in the
documentation.
ps. If someone can read the Master Boot Record then they could also do a
whole load of other nastiness.
--
#-----------------------------------------------------------------#
| John Edwards, Email: John.Edwards at cornerstonelinux.co.uk |
#-----------------------------------------------------------------#
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list