Date: Tue, 9 Mar 2010 01:55:18 +0000
From: Al Viro
To: Luca Barbieri
Cc: Linus Torvalds, Alan Cox, Ingo Molnar, James Morris, linux-kernel@vger.kernel.org, Kyle McMartin, Alexander Viro
Subject: Re: Upstream first policy
Message-ID: <20100309015518.GS30031@ZenIV.linux.org.uk>

On Tue, Mar 09, 2010 at 02:51:55AM +0100, Luca Barbieri wrote:
> >> 4. It doesn't matter at all if anyone reads a file that happens to be
> >> at /etc/shadow while not containing shadow passwords (with the same
> >> path, but different content)
> >
> > What the hell are you smoking?
>
> I mean, what is interesting for security of reading is the fact that
> the file contains shadow passwords (and thus is labeled as "secret" or
> with a specific label), not that it is at /etc/shadow.

Yeah, especially when it's read by sshd. Who cares, indeed? So it's got
a passwordless root, that's even better, right? Nobody will see your real
root password that way...