[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: access the cleartext root password during installation

On 05/18/2010 11:06 AM, Jonas Smedegaard wrote:
> On Tue, May 18, 2010 at 09:37:56AM +0200, Finn-Arne Johansen wrote:
>> On 05/15/2010 05:43 PM, Andreas B. Mundt wrote:
>>> Hi,
>>> So my question is: Can I, by any means, access the root password
>>> entered at the beginning of the installation at a later stage of the
>>> installation process in clear text?
>>> Alternative ideas or solutions are of course welcome.
>> Is it possible to create an udeb (or use debian-edu-*udeb) to ask for
>> the main password, store it in cleartext, preseed the root password,
>> then remove the cleartext password at the end of the installation.
> I suspect that to be a dangerous approach: In effect this would
> duplicate (albeit hashed) the original root password which will *not*
> change if the original root password is later changed.

Not sure if you understood what I meant.

What I meant was something like this:
During debian-edu-preesed-udeb (dont remember the name of the udeb now),
the installer is preseeded to not ask for additional username/pw, and to
select the debian-edu tasks automaticly. if it's possible, we could also
preseed the password in this udeb, causing the opriginal password prompt
to be surpressed(?)/preseeded. This password is also stored in cleartext
somewhere on the installation ramdisk used by the installer. or maybe
preeseded for the kerberos stuff. If this cleartext password is only
stored on the installer ramdisk, then it will be gone after the initial
reboot. if not (eg. the password is stored in cleartext on the installed
system), the password would have to be deleted/hashed/whatever during
the first bootup.
if not - it could be possible to test against the password stored in the
ldap if ldap is running during the installation (not sure if it does),
to make sure the passwords are identical. But that would also be a
special hack for debian-edu I think.

> I do not find it uncommon to use a quick'n'dirty password at install
> time and then tighten security later.  With this approach the too weak,
> temporary, initial password would silently become a weak backdoor into
> the system.

If you know how to administer things, you would also know that you need
to change another password as well. As already done in debian-edu.
The root-account password is also used by the ldap admin user:

> I certainly hope that no similar approach is in use today already!
As there is already 2 different accounts which uses the password, in
debian-edu, you may need to change both passwords if you already change
the passwords.

Of course, after you've created an admin user, you could obfuscate the
admin user password so that noone knows it. If you have access to the
confg file for slapd, you can always gain control over the ldap admin

// faj

Reply to: