[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password

Subject: Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password
From: "Jelmer Jellema" <cobalt@xxxxxxxxxxxxxxx>
Date: Tue, 5 Mar 2002 08:54:11 +0100
Organization: Spin in het Web (www.spininhetweb.nl)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

From: "Gerald Waugh" <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>

> > My mistake, then. Is there anyone with a test RaQ 4 who could just test
what
> > this button does?
>
> I have one, but I am away for the day, I'll check it this evening.
> Did, you read the pwreset script?

Yeah, I did. It seems it chooses a new root password in the following way:
1. It assigns "*" to the root password
2. It looks in /etc/passwd.master for another one, if it finds it, it uses
that one.

In my /etc/passwd.master there is an empty root password and I *think* the
regex in pwreset allows for that. That would mean it does not lock the root
password, but resets it, as long as the empty password is in
/etc/passwd.master

Thanks for the thoughts,

Jelmer

References:
- Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password
  - From: Jelmer Jellema
- Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password
  - From: Gerald Waugh

Prev by Date: Re: AW: [cobalt-security] Unofficial PHP 4.1.2 PKG available
Next by Date: Re: [cobalt-security] chkrootkit keeps complaining about hidden processes
Previous by thread: Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password
Next by thread: [cobalt-security] Unofficial PHP 4.1.2 PKG available

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index