In the Ubuntu install, the root user is disabled by default. Only
during an expert install would you specify a root password and enable
the account. Presumably, expert grandmas would also keep up with updates.
Matt
Jason Faulkner wrote:
I'm not trying to bash, but this isn't a vulnerability that's just "fixed".
There are thousands of ubuntu installs that now have root passwords in
their installerlogs. For a "grandma" user, which most people point
toward ubuntu nowadays, they're clueless about it, and now their boxes
are setup to be screwed over just any shell exploit.
--Jay
On 3/13/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
On Mon, Mar 13, 2006 at 07:04:06AM -0500, Magnus wrote:
The root password from the first user registred by Breezy can be found by
any user by reading the file /var/log/installer/cdebconf/questions.dat
Pretty ugly. And of course, fixed [0].
[0] http://www.ubuntu.com/usn/usn-262-1
--
Jason Faulkner
------------------------
OldOs.org Owner/Admin //
OpenDocument Fellowship Sysadmin
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
