Bug#603848: marked as done ([Squeeze Beta1] Successful installation - but one security question)

To: Christian PERRIER <bubulle@debian.org>
Subject: Bug#603848: marked as done ([Squeeze Beta1] Successful installation - but one security question)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 18 Nov 2010 09:12:06 +0000
Message-id: <[🔎] handler.603848.D603848.129007139123409.ackdone@bugs.debian.org>
References: <20101118054409.GM3765@mykerinos.kheops.frmug.org> <[🔎] 20101117221454.88f1ee01.linux@wansing-online.de>

Your message dated Thu, 18 Nov 2010 06:44:09 +0100
with message-id <20101118054409.GM3765@mykerinos.kheops.frmug.org>
and subject line Re: Bug#603848: [Squeeze Beta1] Successful installation - but one security question
has caused the Debian Bug report #603848,
regarding [Squeeze Beta1] Successful installation - but one security question
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
603848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603848
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian BTS <submit@bugs.debian.org>
Subject: [Squeeze Beta1] Successful installation - but one security question
From: Holger Wansing <linux@wansing-online.de>
Date: Wed, 17 Nov 2010 22:14:54 +0100
Message-id: <[🔎] 20101117221454.88f1ee01.linux@wansing-online.de>

Package: installation-reports

Boot method: netinst cd
Image version: squeeze testing beta1
Date: 17.Nov. 2010 20:00

Machine: High-reliability industry pc 'Siemens IL40'
Processor: Pentium4 2,4 GHz
Memory: 512 MB
Partitions: output of df -Tl:

Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/sda1     ext4     5169540   2169328   2737608  45% /
tmpfs        tmpfs      257064         0    257064   0% /lib/init/rw
udev         tmpfs      252736       172    252564   1% /dev
tmpfs        tmpfs      257064         0    257064   0% /dev/shm
/dev/sda6     ext4    13417584    184608  12551404   2% /home
/dev/sdb1     vfat      245129     40305    204825  17% /media/floppy0


Output of lspci -knn:

00:00.0 Host bridge [0600]: Intel Corporation 82845G/GL[Brookdale-G]/GE/PE DRAM Controller/Host-Hub Interface [8086:2560] (rev 03)
	Subsystem: Fujitsu Technology Solutions Device [1734:1003]
	Kernel driver in use: agpgart-intel
00:01.0 PCI bridge [0604]: Intel Corporation 82845G/GL[Brookdale-G]/GE/PE Host-to-AGP Bridge [8086:2561] (rev 03)
00:1d.0 USB Controller [0c03]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 [8086:24c2] (rev 02)
	Subsystem: Fujitsu Technology Solutions D1451 Mainboard (SCENIC N300, i845GV) [1734:1004]
	Kernel driver in use: uhci_hcd
00:1d.1 USB Controller [0c03]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 [8086:24c4] (rev 02)
	Subsystem: Fujitsu Technology Solutions D1451 Mainboard (SCENIC N300, i845GV) [1734:1004]
	Kernel driver in use: uhci_hcd
00:1d.2 USB Controller [0c03]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3 [8086:24c7] (rev 02)
	Subsystem: Fujitsu Technology Solutions D1451 Mainboard (SCENIC N300, i845GV) [1734:1004]
	Kernel driver in use: uhci_hcd
00:1d.7 USB Controller [0c03]: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller [8086:24cd] (rev 02)
	Subsystem: Fujitsu Technology Solutions D1451 Mainboard (SCENIC N300, i845GV) [1734:1004]
	Kernel driver in use: ehci_hcd
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 PCI Bridge [8086:244e] (rev 82)
00:1f.0 ISA bridge [0601]: Intel Corporation 82801DB/DBL (ICH4/ICH4-L) LPC Interface Bridge [8086:24c0] (rev 02)
00:1f.1 IDE interface [0101]: Intel Corporation 82801DB (ICH4) IDE Controller [8086:24cb] (rev 02)
	Subsystem: Fujitsu Technology Solutions D1451 Mainboard (SCENIC N300, i845GV) [1734:1004]
	Kernel driver in use: ata_piix
00:1f.3 SMBus [0c05]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) SMBus Controller [8086:24c3] (rev 02)
	Subsystem: Fujitsu Technology Solutions D1451 Mainboard (SCENIC N300, i845GV) [1734:1004]
	Kernel driver in use: i801_smbus
00:1f.5 Multimedia audio controller [0401]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller [8086:24c5] (rev 02)
	Subsystem: Fujitsu Technology Solutions Device [1734:0088]
	Kernel driver in use: Intel ICH
01:00.0 VGA compatible controller [0300]: Matrox Graphics, Inc. MGA G400/G450 [102b:0525] (rev 85)
	Subsystem: Matrox Graphics, Inc. Millennium G450 32Mb SDRAM Dual Head [102b:0641]
	Kernel driver in use: matrox_w1
02:08.0 Ethernet controller [0200]: Intel Corporation 82801DB PRO/100 VM (LOM) Ethernet Controller [8086:103b] (rev 82)
	Subsystem: Fujitsu Technology Solutions Device [1734:1002]
	Kernel driver in use: e100


Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:           [O]
Detect network card:    [O]
Configure network:      [O]
Detect CD:              [O]
Load installer modules: [O]
Detect hard drives:     [O]
Partition hard drives:  [O]
Install base system:    [O]
Clock/timezone setup:   [O]
User/password setup:    [O]
Install tasks:          [O]
Install boot loader:    [O]
Overall install:        [O]

Comments/Problems:

Installation without any problems!
I installed from netinst-cd combined with a german mirror, I used the
graphical installer, desktop environment LXDE was chosen, grub2 was
installed in the MBR (nice grub boot menu screen!).


I have one security related question:
I selected, that the root account should be deactivated, and the first
regular user receives administrative rights via sudo.
This works so far.
But if I start the machine via the "recovery mode" entry in the grub
menu (runlevel 1), I get a root (!) shell without beeing asked for 
any password!!!
("sulogin: root account is locked, starting shell")
Is this correct and intended?



Thanks for your work!

Holger

-- 

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Created with Sylpheed 2.5.0
    under DEBIAN GNU/LINUX 5.0.0 - L e n n y
        Registered LinuxUser #311290 - http://counter.li.org/
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

--- End Message ---

--- Begin Message ---

To: Holger Wansing <linux@wansing-online.de>, 603848-done@bugs.debian.org

Subject: Re: Bug#603848: [Squeeze Beta1] Successful installation - but one security question

From: Christian PERRIER <bubulle@debian.org>

Date: Thu, 18 Nov 2010 06:44:09 +0100

Message-id: <20101118054409.GM3765@mykerinos.kheops.frmug.org>

In-reply-to: <[🔎] 20101117221454.88f1ee01.linux@wansing-online.de>

References: <[🔎] 20101117221454.88f1ee01.linux@wansing-online.de>
> I have one security related question:
> I selected, that the root account should be deactivated, and the first
> regular user receives administrative rights via sudo.
> This works so far.
> But if I start the machine via the "recovery mode" entry in the grub
> menu (runlevel 1), I get a root (!) shell without beeing asked for 
> any password!!!
> ("sulogin: root account is locked, starting shell")


I don't really see what else could be done...

Anyway, this is the intended behaviour of sulogin(8).
Attachment: signature.asc
Description: Digital signature

--- End Message ---

Reply to:

References:
- Bug#603848: [Squeeze Beta1] Successful installation - but one security question
  - From: Holger Wansing <linux@wansing-online.de>

Prev by Date: reassign 603459 to cdebconf-udeb
Next by Date: Bug#603798: debian-installer: /tmp is not created with 777 mode when doing manual disk partitionning
Previous by thread: Bug#603848: [Squeeze Beta1] Successful installation - but one security question
Next by thread: Bug#603848: [Squeeze Beta1] Successful installation - but one security question
Index(es):
- Date
- Thread