On May 18, 2004, at 7:46 AM, Chris Gianelloni wrote:

> I don't see a problem with setting sshd on by default.
Eeek!
I do :)

> We would need
> some method to allow for a password to be set at boot. Personally, I
> think there should be a dopassword=<password> option to the CD.
You're going to have to do some custom kernel patches to block the
password from being displayed in /proc/cmdline. Further, from what I
understand of it, this will have to be done via initial init scripts
(basically auto-set the password), so said kernel patch would have to
have a way to adjust /proc/cmdline after the fact (rather than just
masking dopasswd from display).

Alternatively, the patch could export the password as a new entry in
/proc (say /proc/initial-pass) w/ 0400 root:root. Neither sounds fun
:)

> This
> way, the password is still scrambled if the user doesn't specify one on
> the command line, and also allows for someone to enter one at boot
> time.
Being completely paranoid/anal, the scrambling method would have to be
checked to ensure it isn't easily brute forced - w/out any network
services, this is a laughable concern. With network services enabled,
it isn't.
There also is the potential for a remote exploit to be discovered in
openssh, which would really screw the pooch if it was enabled by
default for installations from our install cds...

> This way, we don't end up with CDs with blank passwords being
> used for root. After all, isn't that the reason we started scrambling
> the password in the first place?
Personally, I'm of the opinion that it's more trouble (both potential,
and work required to get it going) than it's worth.
From a security standpoint, I'd complain less if this were an optional
boot time enabling, although I wouldn't want to do the patches :)

Dunno, if I were in the position to need to do multiple headless
installations, I'd probably hack up a livecd myself.
Alternatives?
~brian
--
gentoo-releng@g.o mailing list
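
The /proc/cmdline exposure raised in the message above, as an added example that is not part of the original post or of any Gentoo tooling: a release-engineering check that flags secret-bearing boot parameters, masks them before logging, and tests whether a file is readable by every local user. The function names are hypothetical and the sample command line is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. "dopassword" is the option proposed
# above and "dopasswd" the spelling used in the reply; function names are made up.
SECRET_KEYS="dopassword dopasswd"

# is_secret_key KEY: succeed if KEY names a secret-bearing boot parameter.
is_secret_key() {
    for s in $SECRET_KEYS; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# find_cmdline_secrets CMDLINE: print names of secret-bearing key=value params.
find_cmdline_secrets() {
    found=""
    set -f    # no glob expansion while word-splitting the command line
    for token in $1; do
        key=${token%%=*}
        if [ "$key" != "$token" ] && is_secret_key "$key"; then
            found="${found:+$found }$key"
        fi
    done
    set +f
    printf '%s\n' "$found"
}

# redact_cmdline CMDLINE: print CMDLINE with secret values masked, for logging.
redact_cmdline() {
    out=""
    set -f
    for token in $1; do
        key=${token%%=*}
        if [ "$key" != "$token" ] && is_secret_key "$key"; then
            token="$key=<redacted>"
        fi
        out="${out:+$out }$token"
    done
    set +f
    printf '%s\n' "$out"
}

# world_readable FILE: succeed if "other" has read permission on FILE.
world_readable() { [ "$(ls -ld "$1" | cut -c8)" = "r" ]; }

# Constructed sample command line, not taken from a real system.
SAMPLE='root=/dev/ram0 init=/linuxrc dopassword=example-secret quiet'
echo "secret parameters: $(find_cmdline_secrets "$SAMPLE")"
echo "safe to log:       $(redact_cmdline "$SAMPLE")"
```

On Linux, `world_readable /proc/cmdline` succeeds because that file is mode 0444, so a password typed at the boot prompt stays visible to every local user unless the kernel is patched as the reply describes. A file created 0400 root:root, like the /proc/initial-pass entry suggested above, fails the same check.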