The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Getting root on Linux

Manoj Srivastava <srivasta@datasync.com> writes:

Certainly I agree that we shouldn't set passwords without asking
first.

The sitation is a bit ironic.  We go to all the trouble of making init
secure - launching sulogin in a single or emergency boot sitation
(unlike Redhat apparently), and then the kernel provides a simple way
to bypass init.

The password appears to be stored in cleartext in lilo.conf.  Yuck.
lilo should have an epassword= option to set an encrypted password.

> 	I would suggest we modfy liloconfig to ask for, and set, a
>  password, if the user so wishes, but never to require a password with
>  no password provided.

Yes, the password and restricted options should be strongly encouraged
if others have physical access to the machine.


Guy


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .