Re: sudo security Was: Reporting missing package during install

To: debian-user@lists.debian.org
Subject: Re: sudo security Was: Reporting missing package during install
From: yaro@marupa.net
Date: Tue, 10 Dec 2013 11:18:17 -0600
Message-id: <[🔎] 6261204.3WviBqbffP@twilight>
In-reply-to: <[🔎] 87iouwk4pd.fsf@thumper.dhh.gt.org>
References: <[🔎] 20131209094043.GQ3239@sid.nuvreauspam> <[🔎] 21159.15609.383614.22901@mail.eng.it> <[🔎] 87iouwk4pd.fsf@thumper.dhh.gt.org>

On Tuesday, December 10, 2013 11:15:26 AM John Hasler wrote:
> Gian Uberto Lauri writes:
> > Some of your argument seems to suggest that the Debian installer should
> > not offer the option of leaving the root password blank
> 
> Gian Uberto Lauri
> 
> > IT DOES????? AAAAAAARGH!
> 
> It *disables* the root account.  Thus there is only one "vulnerable"
> account.

Not only that, but now whoever seeks to compromise your account has the added 
challenge of figuring out just what, exactly, the name of the account is. The 
problem with 'root' is everyone who would intend to compromise it knows its 
name.

Conrad

Reply to:

Follow-Ups:
- Re: sudo security Was: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: sudo security Was: Reporting missing package during install
  - From: Brian <ad44@cityscape.co.uk>

References:
- Re: Reporting missing package during install
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: sudo security Was: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: sudo security Was: Reporting missing package during install
  - From: John Hasler <jhasler@newsguy.com>

Prev by Date: Re: sudo security Was: Reporting missing package during install
Next by Date: Re: sudo security Was: Reporting missing package during install
Previous by thread: Re: sudo security Was: Reporting missing package during install
Next by thread: Re: sudo security Was: Reporting missing package during install
Index(es):
- Date
- Thread