Re: sudo security Was: Reporting missing package during install
On Tue 10 Dec 2013 at 11:18:17 -0600, yaro@marupa.net wrote:
> On Tuesday, December 10, 2013 11:15:26 AM John Hasler wrote:
> > Gian Uberto Lauri writes:
> > > Some of your argument seems to suggest that the Debian installer should
> > > not offer the option of leaving the root password blank
> >
> > Gian Uberto Lauri
> >
> > > IT DOES????? AAAAAAARGH!
> >
> > It *disables* the root account. Thus there is only one "vulnerable"
> > account.
>
> Not only that, but now whoever seeks to compromise your account has the added
> challenge of figuring out just what, exactly, the name of the account is. The
> problem with 'root' is everyone who would intend to compromise it knows its
> name.
The account name is immaterial. Only the password is of significance.
Reply to: