On Tue, 2007-12-04 at 10:41 +1300, Apptech wrote:
> > A neat trick I've used in the past when dealing with 
> > password issues:
> >
> > - boot to single user
> > - open /etc/shadow
> > - replace the "encrypted text" of the account you want 
> > access to with
> > the "encrypted text" of an account you know the password 
> > of
> > - reboot
> 
> > The result is the account you want access to will now have 
> > the password
> > of the account you know! There are alot of ways of fixing 
> > this problem,
> > but I've found this method to be by far the fastest! :)
> 
> Sure sounds like a security hole to me :-)

Not really. The rational is that to boot to single user you have to be
physically present at the machine, no remote connections are possible.
So the opinion is if you have to have physical access to the machine to
do it, why bother doing anything to stop it since someone with physical
access could just pull the drive and stick it into another machine
anyways! :)

Alot of people balk at discovering such a thing is possible, but end up
agreeing it's not much of a big deal.

TTYL
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist