security issues

Lamp lampajoo at gmail.com
Tue Mar 14 00:04:20 UTC 2006


"Karl Øie discovered that the Ubuntu 5.10 installer failed to clean
passwords in the installer log files. Since these files were
world-readable, any local user could see the password of the first
user account, which has full sudo privileges by default.

The updated packages remove the passwords and additionally make the
log files readable only by root."


Why on God's green earth was the password ever written to a file in
the first place?!?!??  I use Ubuntu because it's "easy," not expecting
it to be ultra secure, but this is ridiculous.  To compound the
problem the explanation given is awful... "since these files were
world-readable" should have been, "some dumbass wrote code that wrote
clear text passwords to disk"--the readability of the files is
irrelevant.  I'm switching distros ASAP, there's no way I can trust
Ubuntu after this.

--
lampajoo at gmail.com
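
Added example, not part of the original post and not the code of the Ubuntu update: a Python audit that applies both steps the quoted advisory names to a log directory, reporting password-bearing lines by file and line number without echoing the secret, then redacting the values and restricting the file to its owner. The key pattern, the file name `installer.log` and the sample log lines are constructed assumptions.

```python
import os
import re
import stat
import tempfile

# Assumed pattern: a key containing "passw", then ':' or '=', then a value.
SECRET_LINE = re.compile(r"(?i)^(\s*\S*passw\S*\s*[:=]\s*)(\S.*)$")
MARK = "[REDACTED]"

def audit(log_dir):
    """Return (path, line_no, world_readable) per suspect line; never the secret."""
    findings = []
    for root, _dirs, files in os.walk(log_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            world = bool(st.st_mode & stat.S_IROTH)
            with open(path, errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    m = SECRET_LINE.match(line)
                    if m and m.group(2) != MARK:
                        findings.append((path, no, world))
    return findings

def remediate(path):
    """Restrict the file to its owner (0600), then redact matched values."""
    os.chmod(path, 0o600)  # close the read window before rewriting
    with open(path, errors="replace") as fh:
        lines = [l.rstrip("\n") for l in fh]
    with open(path, "w") as fh:
        for l in lines:
            fh.write(SECRET_LINE.sub(lambda m: m.group(1) + MARK, l) + "\n")

def demo():
    """Audit, remediate and re-audit a constructed world-readable log."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "installer.log")  # constructed file name
        with open(log, "w") as fh:  # constructed sample lines
            fh.write("step: partitioning done\nuser-password: hunter2\nstep: finished\n")
        os.chmod(log, 0o644)
        before = audit(d)
        remediate(log)
        with open(log) as fh:
            text = fh.read()
        return before, audit(d), text, stat.S_IMODE(os.stat(log).st_mode)
```

Redacting an installed log does not undo the exposure: a password that sat in a world-readable file should also be changed.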



