security risk in the profile LFS-4.0
vassilidzuba at nerim.net
Thu Oct 10 14:13:33 PDT 2002
On Wed, 9 Oct 2002 23:03:29 +0000 (UTC)
gerard at linuxfromscratch.org (Gerard Beekmans) wrote:
> On October 9, 2002 04:23 pm, Vassili Dzuba wrote:
> > I changed the profile to add a password if one creates
> > the temporary user (but of course does not change the password if the
> > user already exists).
> Setting or not setting a password poses no security risk. If you don't have a
> password set, you simply can't login as that user directly, unless you su to
> root first, then you can change to the lfs user.
Well, on my machine, after creating the user I'm able to perform
a su (from a non-root account) or a login with a blank password
and get accepted.
Maybe I need to look at this more carefully...
> Gerard Beekmans
> -*- If Linux doesn't have the solution, you have the wrong problem -*-
> Unsubscribe: send email to listar at linuxfromscratch.org
> and put 'unsubscribe alfs-discuss' in the subject header of the message
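Added example, not part of the original thread: the behaviour discussed above turns on what the account's password field actually contains, so this sketch classifies each field as empty, locked or hashed. It assumes shadow(5)-format lines; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format lines for accounts whose password
# field is empty versus locked. Names and sample data are constructed.

# Classify one password field: empty | locked | hashed
classify_field() {
    case "$1" in
        "")        echo empty ;;   # shadow(5): no password required to authenticate
        '!'*|'*'*) echo locked ;;  # not a valid crypt(3) result: password login disabled
        *)         echo hashed ;;  # anything else is treated as a password hash
    esac
}

# Read shadow-format lines on stdin, print "name state" for each account.
audit_shadow() {
    while IFS=: read -r name field _rest; do
        [ -n "$name" ] || continue              # skip blank lines
        case "$name" in \#*) continue ;; esac   # skip comment lines
        printf '%s %s\n' "$name" "$(classify_field "$field")"
    done
}

# Print only the names of accounts with an empty password field.
empty_accounts() {
    audit_shadow | awk '$2 == "empty" { print $1 }'
}

# Constructed sample input (hash value is a placeholder, not a real hash).
sample_shadow() {
    cat <<'EOF'
root:$1$constructed$notarealhashvalue000000:11970:0:99999:7:::
lfs::11970:0:99999:7:::
daemon:*:11970:0:99999:7:::
builder:!:11970:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

To check a real system, run `empty_accounts < /etc/shadow` as root; any name it prints should be given a password or locked.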