On Thu, Jan 17, 2002 at 09:22:55PM -0800, Chris Wright wrote: > this is the problem with the traditional all powerful root. once > someone has root on your box, game over. they can trojan any program, > they can read and write to files and memory, they can load kernel > modules, etc. really, the ability to read a password from /dev/mem is > low on the list of worries. of course, but then again, why is it there ? What processes are storing passwords in plain text for more than the time it takes to crypt() and compare it ? regards john -- "Lots of companies would love to be in our hole." - Scott McNealy -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ IRC Channel: irc.openprojects.net / #kernelnewbies Web Page: http://www.kernelnewbies.org/
