Request for lh_config switch to set default password

Subject: Request for lh_config switch to set default password
From: michael.creel at uab.es (Michael Creel)
Date: Wed, 20 Feb 2008 14:52:09 +0100
Message-id: <[🔎] c8f260e70802200552s513a4efbq9d654697f89ba19e@mail.gmail.com>

Hello all,
This has been discussed on IRC a little, but I wanted to summarize why I
think that a means of letting the user set the password at the time the
bootable image is created (or booted) would be good. Right now, the default
password is "live", and sudo is enabled. This might pose a security risk.
Suppose that
* people know that Debian Live is being used on a system
* the password has been left at the default
* the system ordinarily gets its IP by dhcp
* this IP is known to people
* the DL user activates ssh
If this is the case, then I believe that an outsider could log in and then
have access to sudo, without the DL user being aware of what is going on.

There was a "Headless Knoppix" (http://www.knoppix.net/wiki/Headless_Knoppix)
that might be useful as a reference. In my opinion, a solution that allows
the password to be specified using a switch to lh_config would be ideal.


Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/debian-live-devel/attachments/20080220/9474fd66/attachment.htm

Reply to:

Follow-Ups:
- Request for lh_config switch to set default password
  - From: jordipujolp at gmail.com (Jordi Pujol)

Prev by Date: Debian Live patch
Next by Date: Debian Live patch
Previous by thread: Latest aufs, squashfs and lzma modules for kernel 2.6.24
Next by thread: Request for lh_config switch to set default password
Index(es):
- Date
- Thread