[TriLUG] Ubuntu - great security - you'll love this

Matt Nash mattnash at intrex.net
Mon Mar 13 09:15:14 EST 2006


In the Ubuntu install, the root user is disabled by default.  Only 
during an expert install would you specify a root password and enable 
the account.  Presumably, expert grandmas would also keep up with updates.

Matt

Jason Faulkner wrote:

>I'm not trying to bash, but this isn't a vulnerability that's just "fixed".
>
>There are thousands of ubuntu installs that now have root passwords in
>their installerlogs. For a "grandma" user, which most people point
>toward ubuntu nowadays, they're clueless about it, and now their boxes
>are setup to be screwed over just any shell exploit.
>
>--Jay
>
>On 3/13/06, crimsun at fungus.sh.nu <crimsun at fungus.sh.nu> wrote:
>  
>
>>On Mon, Mar 13, 2006 at 07:04:06AM -0500, Magnus wrote:
>>    
>>
>>>The root password from the first user registred by Breezy can be found by
>>>any user by reading the file /var/log/installer/cdebconf/questions.dat
>>>      
>>>
>>Pretty ugly. And of course, fixed [0].
>>
>>[0] http://www.ubuntu.com/usn/usn-262-1
>>    
>>
>
>
>--
>Jason Faulkner
>------------------------
>OldOs.org Owner/Admin //
>OpenDocument Fellowship Sysadmin
>  
>




More information about the TriLUG mailing list