LinuxQuestions.org


trillobyte 03-26-2011 09:46 PM

running set | less as user reveals root password
 
When I run set | less as a user, my root password is displayed in the last line of rules.

Code:

_=su
*******<-----Root Password.

I'm a bit concerned about this.

I'm running Slackware 13.1 32bit.

rigelan 03-26-2011 10:03 PM

set is supposed to display variables. I just checked on my computer and my root password is not displayed in 'set'. Evidently some script or program has placed it there.

The sudoers file perhaps?
Do you have an auto-su program of some sort?

smoooth103 03-26-2011 10:03 PM

I tested it in -current (32bit) and it did not show the password. If my last command was "su" before running "set | less" it will keep that variable _=su as the last line. It did not show my root password though.

I think as long as you are not using the superuser command from an untrusted user, you'd be ok. I would try, at all costs, to avoid using "su" from an untrusted user account.

trillobyte 03-26-2011 10:12 PM

Quote:

Originally Posted by smoooth103 (Post 4304820)
I tested it in -current (32bit) and it did not show the password. If my last command was "su" before running "set | less" it will keep that variable _=su as the last line. It did not show my root password though.

That's what happened. It was after I had logged in as su to do a few things. However, I have tried to recreate the situation and I'm happy to say it's not happening anymore.

rigelan 03-26-2011 10:14 PM

Good enough I guess.

trillobyte 03-26-2011 10:18 PM

Quote:

Originally Posted by rigelan (Post 4304819)
set is supposed to display variables. I just checked on my computer and my root password is not displayed in 'set'. Evidently some script or program has placed it there.

The sudoers file perhaps?
Do you have an auto-su program of some sort?

I don't have any auto-su programs. It was after logging in and out of su when it happened.

GazL 03-27-2011 04:14 AM

My guess is that you tried to su while you were already root; thus su didn't prompt you for a password, but you didn't notice, and as you were expecting to have to type it, your fingers carried on on autopilot and typed your password on the command line.
'set' shows the last command you typed on the _=, so if you accidentally typed your password in like this, it will show up.

You should be able to confirm that this is what has happened by checking root's .bash_history (which you probably ought to clear out to remove traces of the password).


Not saying this is what did happen, but it's a plausible explanation.
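
The following is an added example, not part of any poster's reply: it shows what bash stores in `$_` after a stray word is entered as a command, then checks and scrubs a history file for a secret without putting that secret on a command line. The function names, the temporary file and the value `Constructed-Pass-123` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Function names and the sample secret are constructed.

# What bash leaves in $_ after the given words are run as a command.
# $_ holds the last argument of the previous simple command, even when
# that "command" does not exist, so a password typed at a shell prompt
# shows up on the "_=" line of `set` until the next command replaces it.
underscore_after() {
    bash -c '"$@" >/dev/null 2>&1; printf "%s" "$_"' _ "$@"
}

# Count lines of history file $1 that contain the secret read from stdin.
# Reading from stdin keeps the secret out of this command's own argv and
# history entry (a plain `grep PASSWORD ~/.bash_history` would re-leak it).
# index() matches literally and ENVIRON is not escape-processed.
count_secret_lines() (
    IFS= read -r secret || :
    [ -n "$secret" ] || exit 2
    SECRET="$secret" awk 'index($0, ENVIRON["SECRET"]) { n++ } END { print n + 0 }' "$1"
)

# Rewrite history file $1 without the lines containing the secret (stdin).
scrub_secret() (
    IFS= read -r secret || :
    [ -n "$secret" ] || exit 2
    tmp=$(mktemp "$1.XXXXXX") || exit 1      # mktemp creates it mode 0600
    SECRET="$secret" awk 'index($0, ENVIRON["SECRET"]) == 0' "$1" > "$tmp" &&
        mv "$tmp" "$1"
)

# Demo on a constructed history file (not real data).
demo() {
    hist=$(mktemp)
    printf 'su\nConstructed-Pass-123\nls -l\n' > "$hist"
    echo "_ after stray word: $(underscore_after Constructed-Pass-123)"
    echo "matches before: $(printf '%s\n' Constructed-Pass-123 | count_secret_lines "$hist")"
    printf '%s\n' Constructed-Pass-123 | scrub_secret "$hist"
    echo "matches after:  $(printf '%s\n' Constructed-Pass-123 | count_secret_lines "$hist")"
    rm -f "$hist"
}
demo
```

In real use, take the secret from a silent prompt (`read -rs p; printf '%s\n' "$p" | scrub_secret ~/.bash_history`). Also run `history -c` in the shell where it was typed, because bash writes its in-memory history back to the file on exit.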

trillobyte 03-27-2011 12:05 PM

I checked root's .bash_history for the password and it came up negative. It's quite baffling, but at least it's not happening anymore.


All times are GMT -5.