| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
|
| 5 |
On May 18, 2004, at 7:46 AM, Chris Gianelloni wrote: |
| 6 |
|
| 7 |
> I don't see a problem with setting sshd on by default. |
| 8 |
Eeek! |
| 9 |
I do :) |
| 10 |
|
| 11 |
> We would need |
| 12 |
> some method to allow for a password to be set at boot. Personally, I |
| 13 |
> think there should be a dopassword=<password> option to the CD. |
| 14 |
You're going to have to do some custom kernel patches to block the |
| 15 |
password from being displayed in /proc/cmdline . Further, from what I |
| 16 |
understand of it, this will have to be done via initial init scripts |
| 17 |
(basically auto-set the password), so said kernel patch would have to |
| 18 |
have a way to adjust /proc/cmdline after the fact (rather then just |
| 19 |
masking dopasswd from display). |
| 20 |
|
| 21 |
Alternatively, the patch could export the password as a new entry in |
| 22 |
/proc (say /proc/initial-pass) w/ 0400 root:root . Neither sound fun |
| 23 |
:) |
| 24 |
|
| 25 |
> This |
| 26 |
> way, the password is still scrambled if the user doesn't specify one on |
| 27 |
> the command line, and also allows for someone to enter one at boot |
| 28 |
> time. |
| 29 |
Being completely paranoid/anal, the scrambling method would have to be |
| 30 |
checked to ensure it isn't easily brute forced- w/out any network |
| 31 |
services, this is a laughable concerne. With network services enabled, |
| 32 |
it isn't. |
| 33 |
There also is the potential for a remote exploit to be discovered in |
| 34 |
openssh, which would really screw the pooch if it was enabled by |
| 35 |
default for installations from our install cds... |
| 36 |
|
| 37 |
> This way, we don't end up with CDs with blank passwords being |
| 38 |
> used for root. After all, isn't that the reason we starting scrambling |
| 39 |
> the password in the first place? |
| 40 |
Personally, I'm of the opinion that it's more trouble (both potential, |
| 41 |
and work required to get it going) then it's worth. |
| 42 |
From a security standpoint, I'd complain less if this were an optional |
| 43 |
boot time enabling, although I wouldn't want to do the patches :) |
| 44 |
|
| 45 |
Dunno, if I were in the position to need to do multiple headless |
| 46 |
installations, I'd probably hack up a livecd myself. |
| 47 |
Alternatives? |
| 48 |
~brian |
| 49 |
-----BEGIN PGP SIGNATURE----- |
| 50 |
Version: GnuPG v1.2.4 (Darwin) |
| 51 |
|
| 52 |
iD8DBQFAq6XcvdBxRoA3VU0RAgsfAKDnMTTl1Dhv7kiGrRbYCcQxhByVBgCfXf0R |
| 53 |
NiCi0+WrIw3/EEnfwQi+6nA= |
| 54 |
=kerf |
| 55 |
-----END PGP SIGNATURE----- |
| 56 |
|
| 57 |
|
| 58 |
-- |
| 59 |
gentoo-releng@g.o mailing list |
Archives