comments in /eetc/passwd and group
Stephen
cryptworks at gmail.com
Thu Feb 4 13:49:41 MST 2010
The nest statement i can really find to explain why this is a bad idea is
"Almost, all modern Linux / UNIX line operating systems use some sort
of the shadow password suite, where /etc/passwd has asterisks (*)
instead of encrypted passwords, and the encrypted passwords are in
/etc/shadow which is readable by the superuser only."
This would mean that most of them are looking for tampering in either
passwd or shadow files and if finding any will probably fail/lock the
system.
but i can find no harder proof, and even if this was 100% the case
each distribution will likely handle things in a different manner.
More information about the PLUG-discuss
mailing list