Re: Security risks?
I think with Webconverger at one stage I was deleting /etc/sudoers in a hook. Though I removed the line, as I usually require sudo for debugging and normal users shouldn't be able to reach a terminal.

Best wishes,
--
http://webconverger.com

___
Debian-live-devel mailing list
Debian-live-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/debian-live-devel
Security risks?
Having created a live Debian for a USB stick with 'make-live', using among others the '--username usblive' option, I noticed that the USB stick always boots into the 'usblive' user account. And any command which requires root privileges is to be preceded by 'sudo'.

Questions:

Is this really a secure setup?

Why doesn't 'sudo' prompt for a root password?

How exactly was it configured so as not to even prompt for a password for the normal user after bootup? And how exactly was it configured so as not to have a root account?

Is all the magic done via the /etc/sudoers file only?

J.Neuhoff
Re: Security risks?
[EMAIL PROTECTED] wrote:
> Is this really a secure setup?

no :) well, better.. not yet.

> Why doesn't 'sudo' prompt for a root password?

because we configured it like this.

> How exactly was it configured so as not to even prompt for a password for the normal user after bootup? And how exactly was it configured so as not to have a root account?

look at 10adduser resp. 15autlogin in live-initramfs/scripts/live-bottom/ resp. casper/scripts/casper-bottom/.

> Is all the magic done via the /etc/sudoers file only?

yep.

Today, I've added 'noautologin', 'noxautologin' and 'nosudo' boot parameters to disable the respective features in live-initramfs in SVN. Will think of a 'clever' way to have --user-password and --root-password or similar in live-helper.

--
Address: Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email: [EMAIL PROTECTED]
Internet: http://people.panthera-systems.net/~daniel-baumann/
Re: Security risks?
On Fri, 18 May 2007 18:59:22 +0200 Daniel Baumann [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
>> Is this really a secure setup?
>
> no :)

True. But it's not as bad as it might at first appear. You can't log in remotely to a livecd system. And even if you were to start an ssh server, you wouldn't be able to log in to an account with no password set on it. Basically, anyone with physical access to the machine would have root on it unless the livecd contains software that is remotely exploitable, and if that's the case, you have bigger problems than just not requiring a password for sudo.

Ben
--
nSLUG http://www.nslug.ns.ca [EMAIL PROTECTED]
Debian http://www.debian.org [EMAIL PROTECTED]
[ gpg 395C F3A4 35D3 D247 1387 2D9E 5A94 F3CA 0B27 13C8 ]
[ pgp 7F DA 09 4B BA 2C 0D E0 1B B1 31 ED C6 A9 39 4F ]
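
An added example, not part of the thread and not code from live-initramfs or casper: a shell audit of an unpacked live-image root for the settings the replies name (NOPASSWD rules in /etc/sudoers, the state of an account's password field, whether sshd would accept empty passwords, and which of the three opt-out boot parameters are absent). The function names are hypothetical, and `PermitEmptyPasswords` is the standard sshd_config keyword, which the thread itself does not mention.

```shell
#!/bin/sh
# Added example (function names are its own): audit an unpacked live-image root.
# nopasswd_rules ROOT: print "path:line: rule" for each sudoers line with the
# NOPASSWD tag. '#' starts a comment unless a digit follows (then it is a uid).
nopasswd_rules() {
    root=$1
    for f in "$root/etc/sudoers" "$root"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        rel=${f#"$root"}
        awk -v file="$rel" '
            /^[ \t]*#/ && !/^[ \t]*#[0-9]/ { next }
            /NOPASSWD[ \t]*:/ { print file ":" NR ": " $0 }
        ' "$f"
    done
}

# password_state ROOT USER: classify the shadow password field as
# empty (no password needed), locked (starts with ! or *), set, or missing.
password_state() {
    awk -F: -v u="$2" '
        $1 == u { found = 1
                  if ($2 == "") print "empty"
                  else if ($2 ~ /^[!*]/) print "locked"
                  else print "set" }
        END { if (!found) print "missing" }
    ' "$1/etc/shadow"
}

# ssh_empty_passwords ROOT: PermitEmptyPasswords as sshd would read it. First
# occurrence wins, default is "no"; Match and Include are not followed.
ssh_empty_passwords() {
    cfg="$1/etc/ssh/sshd_config"
    [ -f "$cfg" ] || { echo no; return; }
    awk 'tolower($1) == "permitemptypasswords" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$cfg"
}

# absent_optouts CMDLINE: which of the thread's boot parameters are not set.
absent_optouts() {
    for p in noautologin noxautologin nosudo; do
        case " $1 " in *" $p "*) ;; *) printf '%s\n' "$p" ;; esac
    done
}

# Usage: sh audit.sh ROOT USER   (e.g. a loop-mounted filesystem image)
if [ $# -ge 2 ]; then
    nopasswd_rules "$1"; echo "$2: $(password_state "$1" "$2")"
    echo "PermitEmptyPasswords: $(ssh_empty_passwords "$1")"
fi
```

On a booted system, `absent_optouts "$(cat /proc/cmdline)"` lists which of the three parameters were not passed at boot.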