J. S. Connell wrote: > This is one of the reasons I've never bothered with shadow passwords on > Linux - everything must either be suid root or sgid shadow, and that's a > lot of power to give to $some_random_program.
Er, making something sgid shadow gives it the power to read /etc/shadow, and no other power at all. > I just make sure I use 'unguessable' passwords, and I don't have lusers on > my boxes. All passwords are brute-forcable. If distributed.net were out to crack unix passwords, it could probably do one per hour. -- see shy jo
