Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 18 Dec 2014 07:35:12 -0900
From: Royce Williams <royce@...ho.org>
To: john-users@...ts.openwall.com
Subject: Re: bleeding-jumbo: john fails to show status on key press

On Thu, Dec 18, 2014 at 7:15 AM,  <jfoug@....net> wrote:

> If you need to run john as sudo (hmmm, scary), and you need keystroke captures to work within john, then simply do 'sudo sh' (or bash, zsh, etc) and you get a root shell.  You can then do what you want to do.  KEEP IN MIND, you are root in everything you are doing now, so be very careful.  When done, exit the sudo shell back to your normal user shell.   It is also best to change your prompts, etc so that you get continually reminded that you can do extreme damage.

Understood.  My john-naive questions aside :-), I do actually have
enough sysadmin experience with production boxes to know to minimize
root usage.  I'd much prefer a targeted john-only root invocation,
instead of a full shell, for exactly the reasons you outline above.

It's not that I need to run john as root very often.  It's that
if/when I -- or anyone -- needs do, john does something surprising,
and something that every other program I know of does not do.  The end
user is going to be confused by it, like I was (and still am. :-) ).

Royce

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ