Re: [POSSIBLE GRAVE SECURITY HOLD]
- To: John Goerzen <jgoerzen@complete.org>
- Cc: Pierre Beyssac <beyssac@enst.fr>, Ruud de Rooij <ruud@ruud.org>, Joseph Carter <knghtbrd@debian.org>, Martijn van Oosterhout <kleptog@cupid.suninternet.com>, Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
- From: Thomas Quinot <quinot@email.enst.fr>
- Date: Wed, 2 Feb 2000 17:10:02 +0100
- Message-id: <20000202171002.B29101@lantier.enst.fr>
- Reply-to: quinot@inf.enst.fr
- In-reply-to: <87n1pjk3md.fsf@erwin.complete.org>; from jgoerzen@complete.org on Wed, Feb 02, 2000 at 09:47:54AM -0600
- References: <2000-02-02-11-38-12+trackit+sam@debian.org> <389823E6.37B56639@cupid.suninternet.com> <20000202045337.A10828@debian.org> <87og9zd9wx.fsf@hobbes.home.ruud.org> <20000202145212.S99806@enst.fr> <87n1pjk3md.fsf@erwin.complete.org>
Le 2000-02-02, John Goerzen écrivait :
> The console is automatically insecure. What led you to believe
> otherwise?
This is pointless handwaving. Do you mean that no password
should be required to log in as any user on the console?
Perhaps you should file a wishlist bug against /bin/login to
that effect.
I sincerely thought that Debian was in the business of
providing a reasonably secure distribution. This is not
what I am seeing here, and this is an apalling sight.
Thomas.
--
Thomas Quinot ** Département Informatique & Réseaux ** quinot@inf.enst.fr
ENST // 46 rue Barrault // 75634 PARIS CEDEX 13
Reply to: