From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JLnk3-0002lG-Ig for garchives@archives.gentoo.org; Sun, 03 Feb 2008 22:55:15 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 81EECE0549; Sun, 3 Feb 2008 22:55:12 +0000 (UTC) Received: from mail.isohunt.com (mail.isohunt.com [208.71.112.20]) by pigeon.gentoo.org (Postfix) with ESMTP id 729ACE0549 for ; Sun, 3 Feb 2008 22:55:12 +0000 (UTC) Received: (qmail 19665 invoked from network); 3 Feb 2008 22:55:07 -0000 Received: from S010600022af11287.vc.shawcable.net (HELO curie.orbis-terrarum.net) (24.84.179.214) (smtp-auth username robbat2@isohunt.com, mechanism login) by mail.isohunt.com (qpsmtpd/0.33-dev on beta01) with (AES256-SHA encrypted) ESMTPSA; Sun, 03 Feb 2008 22:55:07 +0000 Received: (qmail 1634 invoked by uid 10000); 3 Feb 2008 14:55:22 -0800 Date: Sun, 3 Feb 2008 14:55:22 -0800 From: "Robin H. Johnson" To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Not encrypted password in memory Message-ID: <20080203225522.GH21641@curie-int.orbis-terrarum.net> References: <20080203220019.7ce466f9@gentoo.org> <47A63E10.9050207@o2.pl> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/2994txjAzEdQwm5" Content-Disposition: inline In-Reply-To: <47A63E10.9050207@o2.pl> User-Agent: Mutt/1.5.16 (2007-06-09) X-Archives-Salt: 681a96aa-9071-4a9e-acf4-b693bf32d760 X-Archives-Hash: 10cbb2ed8762c123c9054dd96d79d6c7 --/2994txjAzEdQwm5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Feb 03, 2008 at 11:20:00PM +0100, Mateusz Mierzwinski wrote: > After making memory dump and editing file in k hex editor I've found=20 > unencrypted password to my linux. I thin'k thats not good because anyone= =20 > can read it with some php script with system() execution. > Password is fully readable. You'll need to be a little more explanatory than that. What process did the memory space in question belong to? Was is your system password, your gpg password or what? How were you dumping memory? Unless you are running a web-facing PHP as root, a script running system() would only be able to get to it via root exploit or if the password was in a memory space accessible to the same process. --=20 Robin Hugh Johnson Gentoo Linux Developer & Infra Guy E-Mail : robbat2@gentoo.org GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 --/2994txjAzEdQwm5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (GNU/Linux) Comment: Robbat2 @ Orbis-Terrarum Networks - The text below is a digital signature. If it doesn't make any sense to you, ignore it. iEYEARECAAYFAkemRloACgkQPpIsIjIzwiwTCwCgpnq0nMwxMdclBgxCr7lzc9rU Oy4AoL33DNr+y6dtBcRdDK5BCqGK1Rj0 =udKV -----END PGP SIGNATURE----- --/2994txjAzEdQwm5-- -- gentoo-dev@lists.gentoo.org mailing list