Mailing List Archive



Re: [tlug] Fwd: Re: [linuxNUS] Possible HUGE Security Flaw in Ubuntu Breezy (and maybe other versions)



>>>>> "Roger" == Roger Markus <rogermarku@example.com> writes:

    >> > Karl Řie discovered that the Ubuntu 5.10 installer failed
    >> > to clean passwords in the installer log files. Since these
    >> > files were world-readable, any local user could see the
    >> > password of the first user account, which has full sudo
    >> > privileges by default.

    Roger> Ouch!  That one password system doesn't seem so good
    Roger> now....

Um, no.  This particular bug could happen to any install script that
"helpfully" sets up a root account for you.  So it actually
demonstrates *why* the one-password setup is a good idea: because you
only have to worry about that one.  E.g., you could do a recursive grep
for it on /, and find all the rootkits that have logged it, I bet.
;-)

Also, remember that anybody who has shell access is already past the
(on average) hardest hurdle.

Uva Coder is welcome to chime in about the virtues of Plan 9 right
about here, though.

-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
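
The audit implied by the advisory quoted above, as an added example that is not part of the original message or of Ubuntu's fix: it walks a log directory, reports world-readable files that contain a password-like entry or a known password, and can restrict them to the owner. The function names, the regular expression and the sample log line are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Constructed pattern (an assumption, not the installer's log format):
# a password-like key name followed by ':' or '=' and a value.
SECRET_KEY = re.compile(rb"(?i)\b(passw(or)?d|passphrase)\b\s*[:=]\s*\S+")

def audit_logs(root, known_secret=None):
    """Return sorted (path, reason) pairs for world-readable regular files
    under root that contain known_secret or a password-like entry."""
    needle = known_secret.encode() if known_secret else None
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                # Skip symlinks, devices, and files "other" cannot read.
                if not stat.S_ISREG(mode) or not mode & stat.S_IROTH:
                    continue
                reason = None
                with open(path, "rb") as fh:
                    for line in fh:
                        if needle and needle in line:
                            reason = "known secret"
                            break
                        if reason is None and SECRET_KEY.search(line):
                            reason = "password-like entry"
            except OSError:
                continue  # unreadable or vanished file: nothing to report
            if reason:
                findings.append((path, reason))
    return sorted(findings)

def lock_down(findings):
    """Restrict each reported file to its owner (mode 0600)."""
    # The exposed password still has to be changed; this only stops new reads.
    for path, _reason in findings:
        os.chmod(path, 0o600)

if __name__ == "__main__":
    # Constructed sample: one leaked entry in a world-readable file.
    with tempfile.TemporaryDirectory() as root:
        log = os.path.join(root, "install.log")
        with open(log, "w") as fh:
            fh.write("installer: user-password=Constructed123\n")
        os.chmod(log, 0o644)
        print(audit_logs(root), audit_logs(root, "Constructed123"))
```

The check looks at each file's own mode bits only, so a file reported below a directory that other users cannot traverse is not actually reachable by them.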

