Re: Another Fedora decision




On Wed, Feb 4, 2015 at 4:55 PM, Warren Young <wyml@xxxxxxxxxxx> wrote:
>>>
>> There have been remotely exploitable vulnerabilities where an arbitrary file could be read
>
> CVEs, please?
>
> I’m aware of vulnerabilities that allow a remote read of arbitrary files that are readable by the exploited process’s user, but for such an exploit to work on /etc/shadow, the process has to be running as root.
>
> Most such vulns are against Apache, PHP, etc, which do not run as root.

Those are common.  Combine them with anything called a 'local
privilege escalation' vulnerability and you've got a remote root
exploit.  And people will know how to combine them.

> One of the biggest reasons for the mass exodus from Sendmail to qmail/exim/postfix/etc was to get away from a monolithic program that had to run as root to do its work.

Except that sendmail was fixed.  And when the milter interface was
added it became even less monolithic.

>> Further, lists of usernames and passwords have market value.
>
> Of course.  But that’s a different thing than we were discussing.

Not exactly - it just becomes a question of whether the complexity
requirements imposed by the installer are really worth much against
the pre-hashed lists that would be used to match up the shadow
contents.

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos