[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#129988: marked as done (S/390: secure install with a password?)

Your message dated Thu, 1 May 2003 01:41:40 +0200
with message-id <20030430234140.GA16222@zombie.inka.de>
and subject line Bug#129988: #129988: boot-floppies: secure install with a password?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at maintonly) by bugs.debian.org; 19 Jan 2002 17:22:21 +0000
>From jochen@delphi.lan-ks.de Sat Jan 19 11:22:21 2002
Return-path: <jochen@delphi.lan-ks.de>
Received: from uranus.lan-ks.de [] (root)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16RzC7-0007iK-00; Sat, 19 Jan 2002 11:22:20 -0600
Received: (from uucp@localhost)
	by uranus.lan-ks.de (8.11.6/8.11.5) with UUCP id g0JHKEW30395
	for maintonly@bugs.debian.org; Sat, 19 Jan 2002 18:20:14 +0100
	(envelope-from jochen@delphi.lan-ks.de)
X-Envelope-To: maintonly@bugs.debian.org
Received: from jupiter.jochen.org (localhost [])
	by jupiter.jochen.org (8.12.1/8.12.1/Debian -5) with ESMTP id g0JH9Rg7023089;
	Sat, 19 Jan 2002 18:09:27 +0100
Received: (from jochen@localhost)
	by jupiter.jochen.org (8.12.1/8.12.1/Debian -5) id g0JH9QhN023088;
	Sat, 19 Jan 2002 18:09:26 +0100
Message-Id: <200201191709.g0JH9QhN023088@jupiter.jochen.org>
From: Jochen Hein <jochen@delphi.lan-ks.de>
To: Debian Bug Tracking System <maintonly@bugs.debian.org>
Subject: S/390: secure install with a password?
X-Reportbug-Version: 1.41.14213
X-Mailer: reportbug 1.41.14213
Date: Sat, 19 Jan 2002 18:09:26 +0100
Delivered-To: maintonly@bugs.debian.org

Package: boot-floppies
Version: 3.0.17-2001-11-18
Severity: wishlist
Tags: security

[This is with the old boot-floppies, can't see if it is fixed.
Changelog says: 
"- s390: don't modify etc/passwd on the initrd any longer"]

When installing Debian on S/390, you boot and have only minimal
console support, just to set networking up.

After that, you telnet into the box and the first session starts the
rest of the install.  Any other connect gives a root prompt without
asking for a password - so any user in your net may drop into the
system and screw up your installation.

Caiman asks for a new password and start inetd only after stat.  I
think, that should be how it is done.


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux jupiter 2.4.17 #1 Sam Jan 5 19:50:56 CET 2002 i686
Locale: LANG=de_DE, LC_CTYPE=de_DE

Received: (at 129988-done) by bugs.debian.org; 1 May 2003 12:30:30 +0000
>From inet@zombie.inka.de Thu May 01 07:30:29 2003
Return-path: <inet@zombie.inka.de>
Received: from quechua.inka.de (mail.inka.de) [] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 19BDCm-0007RX-00; Thu, 01 May 2003 07:30:28 -0500
Received: from debian.zombie.inka.de (pd955d630.dip.t-dialin.net [])
	by mail.inka.de with asmtp 
	id 19BDCl-0003qd-00; Thu, 01 May 2003 14:30:27 +0200
Received: from inet by debian.zombie.inka.de with local (Exim 3.35 #1 (Debian))
	id 19B1Cm-0004E1-00; Thu, 01 May 2003 01:41:40 +0200
Date: Thu, 1 May 2003 01:41:40 +0200
From: Eduard Bloch <edi@gmx.de>
To: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>,
Subject: Re: Bug#129988: #129988: boot-floppies: secure install with a password?
Message-ID: <20030430234140.GA16222@zombie.inka.de>
References: <Pine.GSO.4.40.0304301504000.23184-100000@deneb.cc.umanitoba.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <Pine.GSO.4.40.0304301504000.23184-100000@deneb.cc.umanitoba.ca>
User-Agent: Mutt/1.5.4i
Sender: Eduard Bloch <inet@zombie.inka.de>
Delivered-To: 129988-done@bugs.debian.org
X-Spam-Status: No, hits=-23.7 required=4.0
	autolearn=ham version=2.53-bugs.debian.org_2003_04_23
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_04_23 (

#include <hallo.h>
* Drew Scott Daniels [Wed, Apr 30 2003, 03:06:40PM]:
> fwiw, telnet sessions can be taken over by almost anyone who can sniff.
> With no password, even those who can't sniff (locked down computers or on
> not on any network segment that could sniff) could login. So a sniffable
> password is safer than no password.

Oh master, and what should we do against people's stupidity?

Weil die Klügeren nachgeben, regieren die Deppen die Welt.

Reply to: