Re: Thoughts about network-console

To: debian-boot@lists.debian.org
Subject: Re: Thoughts about network-console
From: Frans Pop <elendil@planet.nl>
Date: Thu, 5 Aug 2010 20:17:29 +0200
Message-id: <[🔎] 201008052017.30148.elendil@planet.nl>
In-reply-to: <[🔎] 1281030391.3116.2.camel@debian-thib>
References: <[🔎] 1280923066.3032.26.camel@debian-thib> <[🔎] 201008051458.25739.elendil@planet.nl> <[🔎] 1281030391.3116.2.camel@debian-thib>

(No need to CC on replies: I read the list.)

On Thursday 05 August 2010, Thibaut Girka wrote:
> If you're talking about user-setup, they are cleared, that the first
> thing I've checked (better done that checking network-console, it seems)
> before sending this mail.

With user-setup the passwords are asked by a different (much earlier [1]) 
script than the one that creates the accounts and sets the passwords. So 
they *must* be in the debconf database for at least the time in between.

The fact that they are cleared afterwards - only at the very, very end of 
the installation: just before the reboot - seems to me like a mostly empty 
gesture. At least for the attack vector you were concerned about.

[1] The asking of the passwords was recently moved forward quite a bit for 
Squeeze.

Reply to:

Follow-Ups:
- Re: Thoughts about network-console
  - From: Thibaut Girka <thib@sitedethib.com>

References:
- Thoughts about network-console
  - From: Thibaut Girka <thib@sitedethib.com>
- Re: Thoughts about network-console
  - From: Frans Pop <elendil@planet.nl>
- Re: Thoughts about network-console
  - From: Thibaut Girka <thib@sitedethib.com>

Prev by Date: Re: Thoughts about network-console
Next by Date: Processing of usb-discover_1.09_i386.changes
Previous by thread: Re: Thoughts about network-console
Next by thread: Re: Thoughts about network-console
Index(es):
- Date
- Thread