[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] pro's and cons of not letting GUI change root password

Subject: Re: [cobalt-security] pro's and cons of not letting GUI change root password
From: "Jelmer Jellema" <cobalt@xxxxxxxxxxxxxxx>
Date: Sat, 2 Mar 2002 12:31:54 +0100
Organization: Spin in het Web (www.spininhetweb.nl)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

----- Original Message -----
From: "Mat Schaffer" <mschaffer@xxxxxxxxxxxxxxxxxxx>

> -----Original Message-----
> From: Jelmer Jellema [mailto:cobalt@xxxxxxxxxxxxxxx]
> Sent: Thursday, February 28, 2002 19:42
> - Will the button on the frontpanel still work, as to reset the root
> password? Or is this only for admin?
>
> ----------------------------
>
> AFAIK, the button will reset both passwords.
> -Mat

Nope, I checked it: it resets admin and blocks root, waiting for the admin
to change the password thru the gui, which changes / changed (depending on
the proposed change) the root password also.

So my proposal is now:

- comment out the line in the admin script that changes the root password
when the admin password is changed
- change the pwreset script to reset the root password also, or (better,
maybe) set it to some well known password that is just a bit better than
anyone being able to perform su without typing anyting.

Jelmer

References:
- RE: [cobalt-security] pro's and cons of not letting GUI change ro ot password
  - From: Mat Schaffer

Prev by Date: Re: [cobalt-security] Important! Please read this!
Next by Date: [cobalt-security] chkrootkit keeps complaining about hidden processes
Previous by thread: RE: [cobalt-security] pro's and cons of not letting GUI change ro ot password
Next by thread: Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index