Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Fix password security in 10.3.x for upgraded accounts' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Fix password security in 10.3.x for upgraded accounts
Authored by: vykor on Dec 08, '04 09:23:02AM

I don't see this method as a major problem.

If viewing a file requires root access, and if the malicious user has that root access, then he can do a lot better than combing through the VM swapfile. If you leave a shell open with a valid sudo time stamp, that's a user-level issue and not a system level one.

I agree with you in principle. Leaving passwords in plaintext in the swapfile is pretty stupid, but not as big a deal as one might think.



[ Reply to This | # ]