From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Not encrypted password in memory
Date: Sun, 3 Feb 2008 14:55:22 -0800 [thread overview]
Message-ID: <20080203225522.GH21641@curie-int.orbis-terrarum.net> (raw)
In-Reply-To: <47A63E10.9050207@o2.pl>
[-- Attachment #1: Type: text/plain, Size: 875 bytes --]
On Sun, Feb 03, 2008 at 11:20:00PM +0100, Mateusz Mierzwinski wrote:
> After making memory dump and editing file in k hex editor I've found
> unencrypted password to my linux. I thin'k thats not good because anyone
> can read it with some php script with system() execution.
> Password is fully readable.
You'll need to be a little more explanatory than that. What process did
the memory space in question belong to? Was is your system password,
your gpg password or what? How were you dumping memory?
Unless you are running a web-facing PHP as root, a script running
system() would only be able to get to it via root exploit or if the
password was in a memory space accessible to the same process.
--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
[-- Attachment #2: Type: application/pgp-signature, Size: 329 bytes --]
next prev parent reply other threads:[~2008-02-03 22:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E1JLlZS-000813-0E@stork.gentoo.org>
2008-02-03 21:00 ` [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in app-accessibility/yasr: ChangeLog yasr-0.6.9.ebuild Christian Faulhammer
2008-02-03 22:20 ` [gentoo-dev] Not encrypted password in memory Mateusz Mierzwinski
2008-02-03 22:55 ` Robin H. Johnson [this message]
2008-02-03 23:24 ` [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in app-accessibility/yasr: ChangeLog yasr-0.6.9.ebuild William Hubbs
2008-02-04 4:17 ` Nirbheek Chauhan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080203225522.GH21641@curie-int.orbis-terrarum.net \
--to=robbat2@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox