On Mon, 24 Feb 2020 17:38:53 +0100 =?utf-8?q?Rapha=C3=ABl_Hertzog?= <raphael@offensive-security.com> wrote: > Package: user-setup > Version: 1.83 > Severity: normal > User: devel@kali.org > Usertags: origin-kali > > Following https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211 > the systemd-sulogin-shell binary run by rescue.service and > emergency.service now adds the --force flag for the sulogin call > when SYSTEMD_SULOGIN_FORCE is set to 1 in the environment. > > https://github.com/systemd/systemd/commit/33eb44fe4a8d7971b5614bc4c2d90f8d91cce66c > explains that the expectation is that distributions should now > put service override files to set this environment variable. > > Thus user-setup should create the appropriate configuration file when > the root account is not configured. Maybe this should be controlled > by some low priority debconf question as the password-less login through > the rescue boot entry can be seen as a security issue by some. > There is https://salsa.debian.org/ah/user-setup/commits/wip/rootpassword thanks to Andreas. I'd suggest that people caring about that issue submit this as proper MR. Regards, Michael
Attachment:
signature.asc
Description: This is a digitally signed message part