security issues
Vram
lamsokvr at xprt.net
Tue Mar 14 06:41:27 UTC 2006
On Mon, 2006-03-13 at 18:04 -0600, Lamp wrote:
> "Karl Øie discovered that the Ubuntu 5.10 installer failed to clean
> passwords in the installer log files. Since these files were
> world-readable, any local user could see the password of the first
> user account, which has full sudo privileges by default.
>
> The updated packages remove the passwords and additionally make the
> log files readable only by root."
>
>
> Why on God's green earth was the password ever written to a file in
> the first place?!?!?? I use ubuntu because it's "easy," not expecting
> it to be ultra secure, but this is ridiculous. To compound the
> problem the explanation given is awful... "since these files were
> world-readable" should have been, "some dumbass wrote code that wrote
> clear text passwords to disk"--the readability of the files is
> irrelevant. I'm switching distros ASAP, there's no way I can trust
> ubuntu after this.
>
> --
> lampajoo at gmail.com
>
We TOO!!!!!
Windows for ME!!!
<smile>
<hehe>
Vram
More information about the ubuntu-users
mailing list