[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Request for lh_config switch to set default password

Hello all,
This has been discussed on IRC a little, but I wanted to summarize why I
think that a means of letting the user set the password at the time the
bootable image is created (or booted) would be good. Right now, the default
password is "live", and sudo is enabled. This might pose a security risk.
Suppose that
* people know that Debian Live is being used on a system
* the password has been left at the default
* the system ordinarily gets its IP by dhcp
* this IP is known to people
* the DL user activates ssh
If this is the case, then I believe that an outsider could log in and then
have access to sudo, without the DL user being aware of what is going on.

There was a "Headless Knoppix" (http://www.knoppix.net/wiki/Headless_Knoppix)
that might be useful as a reference. In my opinion, a solution that allows
the password to be specified using a switch to lh_config would be ideal.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/debian-live-devel/attachments/20080220/9474fd66/attachment.htm 

Reply to: