security issues
Wade Smart
wade at wadesmart.com
Tue Mar 14 14:57:58 UTC 2006
03142006 0857 GMT-6
One security problem and you jump ship? You'll never have an OS!
wade
Vram wrote:
>On Mon, 2006-03-13 at 18:04 -0600, Lamp wrote:
>
>
>>"Karl Øie discovered that the Ubuntu 5.10 installer failed to clean
>>passwords in the installer log files. Since these files were
>>world-readable, any local user could see the password of the first
>>user account, which has full sudo privileges by default.
>>
>>The updated packages remove the passwords and additionally make the
>>log files readable only by root."
>>
>>
>>Why on God's green earth was the password ever written to a file in
>>the first place?!?!?? I use ubuntu because it's "easy," not expecting
>>it to be ultra secure, but this is ridiculous. To compound the
>>problem the explanation given is awful... "since these files were
>>world-readable" should have been, "some dumbass wrote code that wrote
>>clear text passwords to disk"--the readability of the files is
>>irrelevant. I'm switching distros ASAP, there's no way I can trust
>>ubuntu after this.
>>
>>--
>>lampajoo at gmail.com
>>
>>
>>
>
>
>
>We TOO!!!!!
>
>Windows for ME!!!
><smile>
><hehe>
>
>Vram
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060314/dfbf96ee/attachment.html>
More information about the ubuntu-users
mailing list