LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 03-26-2011, 09:46 PM   #1
trillobyte
Member
 
Registered: Apr 2007
Location: USA
Distribution: Slackware, FreeBSD, Trisquel
Posts: 105
Blog Entries: 1

Rep: Reputation: 33
running set | less as user reveals root password


When I run set | less as a user, my root password is displayed in the last line of rules.

Code:
_=su
*******<-----Root Password.
I'm a bit concerned about this.

I'm running Slackware 13.1 32bit.

Last edited by trillobyte; 03-26-2011 at 10:06 PM.
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 03-26-2011, 10:03 PM   #2
rigelan
Member
 
Registered: Jul 2005
Location: Iowa
Distribution: Slackware
Posts: 172

Rep: Reputation: 19
set is supposed to display variables. I just checked on my computer and my root password is not displayed in 'set'. Evidently some script or program has placed it there.

The sudoers file perhaps?
Do you have an auto-su program of some sort?

Last edited by rigelan; 03-26-2011 at 10:11 PM.
 
Old 03-26-2011, 10:03 PM   #3
smoooth103
Member
 
Registered: Aug 2009
Location: NC, USA
Distribution: Slackware (64 bit)
Posts: 238

Rep: Reputation: 60
I tested it in -current (32bit) and it did not show the password. If my last command was "su" before running "set | less" it will keep that variable _=su as the last line. It did not show my root password though.

I think as long as you are not using the superuser command from an untrusted user, you'd be ok. I would try, at all cost, to avoid using "su" from an untrusted user account.
 
Old 03-26-2011, 10:12 PM   #4
trillobyte
Member
 
Registered: Apr 2007
Location: USA
Distribution: Slackware, FreeBSD, Trisquel
Posts: 105
Blog Entries: 1

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by smoooth103 View Post
I tested it in -current (32bit) and it did not show the password. If my last command was "su" before running "set | less" it will keep that variable _=su as the last line. It did not show my root password though.
That's what happened. It was after I had logged in as su to do a few things. However, I have tried to recreate the situation and I'm happy to say it's not happening anymore.
 
Old 03-26-2011, 10:14 PM   #5
rigelan
Member
 
Registered: Jul 2005
Location: Iowa
Distribution: Slackware
Posts: 172

Rep: Reputation: 19
Good enough I guess.
 
Old 03-26-2011, 10:18 PM   #6
trillobyte
Member
 
Registered: Apr 2007
Location: USA
Distribution: Slackware, FreeBSD, Trisquel
Posts: 105
Blog Entries: 1

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by rigelan View Post
set is supposed to display variables. I just checked on my computer and my root password is not displayed in 'set'. Evidently some script or program has placed it there.

The sudoers file perhaps?
Do you have an auto-su program of some sort?
I don't have any auto-su programs. It was after logging in and out of su when it happened.
 
Old 03-27-2011, 04:14 AM   #7
GazL
Senior Member
 
Registered: May 2008
Posts: 3,425

Rep: Reputation: 937Reputation: 937Reputation: 937Reputation: 937Reputation: 937Reputation: 937Reputation: 937Reputation: 937
My guess is that you tried to su while you were already root, thus su didn't prompt you for a password but you didn't notice and as you were expecting to have to type it your fingers carried on on autopilot and typed your password on the command line.
'set' shows the last command you typed on the _= so if you accidentally typed your password in like this it will show up.

You should be able to confirm that this is what has happened by checking roots .bash_history (which you probably ought to clear out to remove traces of the password).


Not saying this is what did happen, but it's a plausible explanation.
 
2 members found this post helpful.
Old 03-27-2011, 12:05 PM   #8
trillobyte
Member
 
Registered: Apr 2007
Location: USA
Distribution: Slackware, FreeBSD, Trisquel
Posts: 105
Blog Entries: 1

Original Poster
Rep: Reputation: 33
I checked roots .bash_history for the password and it came up negative. It's quite baffling, but at least it's not happening anymore.
 
  


Reply

Tags
root password, set, su


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Set umask for process running root user uuplunkeruu Linux - Newbie 1 11-23-2009 05:01 PM
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 10:28 PM
How to login if I didnt set a root password and no user? lonecrow Linux - Newbie 7 05-14-2006 07:56 PM
Running a script as root with sudo without entering the user password kloss Linux - General 8 10-10-2005 11:39 AM
terminal reveals my root password shabene Linux - Security 4 06-10-2004 04:03 AM


All times are GMT -5. The time now is 07:00 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration