[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Thoughts about network-console

I have some thoughts that I would like to discuss with you about

First is a (quite paranoid) security consideration:
Let's say that some user wants to install Debian remotely in his working
He starts the installation in front of the computer, sets a password,
that happen to be its daily-use one. He then do the remaining steps
Then, an untrustworthy colleague goes to the computer, and just
reads /var/lib/cdebconf/questions.dat: installer's password is there,
plain, clear text.
So, I think we should remove this password from the debconf database as
soon as it is written to /etc/shadow.

Second is quite the opposite: I would like to have a debconf boolean to
display the password in the network-console/start note.
The reason behind this is that, on some devices, with display and no
usable input, we can (and were already doing) display
On such devices, the password is set by a preseed file, so, showing it
should be helpful to the user.
I don't think there are strong security issues there, since somebody
that have access to the screen probably have physical access to the
device too.
Making it a debconf boolean defaulting to false (and probably never
displayed to the user?) should make it not be a security problem outside
of the scope of the few devices with such preseeding.

Best regards,
Thibaut Girka.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: