Re: Thoughts about network-console

On Thursday 05 August 2010, Thibaut Girka wrote:
> > Did you actually check this? The password templates are of type
> > 'password' and thus the value should be in
> > /var/lib/cdebconf/passwords.dat (and thus encoded) instead of in plain
> > text in questions.dat.
> Well, you can still db_get the password, can't you?
> As said earlier, I was, for some reason, sure that the postinst script
> didn't clear the passwords...

The fact that it clears the passwords is somewhat accidental (it has more
to do with allowing the user to re-enter the passwords if they are unequal
than with security considerations).
There are also other fields in passwords.dat, like the root and first user
passwords, that are possibly not cleared.

Systems are vulnerable anyway when people have physical access to them. 
That they are a bit more vulnerable during installation is almost 
unavoidable, but in most cases the window (time from start of install to 
reboot) is quite short.

I don't think this is something we should worry too much about.