Ubuntu security hole? (not super major, but wondering if it is an issue to report)
Tony Arnold
tony.arnold at manchester.ac.uk
Tue May 9 10:37:32 UTC 2006
On Tue, 2006-05-09 at 11:25 +0100, Dick Davies wrote:
> On 09/05/06, Chanchao <custom at freenet.de> wrote:
>
> > Anyway 'obstacles..' what's wrong with just prompting for a username
> > and password just like gdm does everytime you boot up? Presumably users
> > remember those things. :)
>
> When fsck has failed, you are pretty screwed. The auth system may need things
> to be up (LDAP for example) that aren't going to be available.
Just to add to this. Authentication at least requires the system to be
able to read /etc/passwd which if the file system it's on cannot be
mounted, then as Dick says, you're screwed! I don't think there is much
choice but to drop the console to a root level prompt so that someone
can fix the system. It's been the behaviour of most Unix/Linux systems
for as long as I can remember.
Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
More information about the ubuntu-users
mailing list