[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudo security Was: Reporting missing package during install

On Tue 10 Dec 2013 at 11:18:17 -0600, yaro@marupa.net wrote:

> On Tuesday, December 10, 2013 11:15:26 AM John Hasler wrote:
> > Gian Uberto Lauri writes:
> > > Some of your argument seems to suggest that the Debian installer should
> > > not offer the option of leaving the root password blank
> > 
> > Gian Uberto Lauri
> > 
> > > IT DOES????? AAAAAAARGH!
> > 
> > It *disables* the root account.  Thus there is only one "vulnerable"
> > account.
> 
> Not only that, but now whoever seeks to compromise your account has the added 
> challenge of figuring out just what, exactly, the name of the account is. The 
> problem with 'root' is everyone who would intend to compromise it knows its 
> name.

The account name is immaterial. Only the password is of significance.
Reply to: