Bug#802211: systemd: rescue.service fails if root password is not set, needs sulogin --force

Michael Biebl biebl at debian.org
Thu Mar 30 23:51:08 BST 2017


On 31.03.2017 at 00:27, Nathan Dorfman wrote:
> Hi, this is still an issue with the default stretch install, if the
> option to not set a root password is taken at installation.
> 
> It is quite severe IMO, especially considering how likely it is to be
> discovered only when the rescue shell is actually needed.
> 
> If this really can't be fixed before release, I'd strongly suggest
> that debian-installer force a root password to be set until it can.
> 
> On a secondary note, I personally find it rather ludicrous that this
> trivial fix is being held up by some kiosk considerations. Setting up
> one of those usually requires many other customizations (for example,
> disabling the default window manager), and it makes little sense to
> opt for sudo over a separate root account at installation time for a
> kiosk in the first place.
> 
> On the other hand, the much more common desktop use case shouldn't be
> this broken out of the box. IMHO, of course.
> 

Consider this: You have a laptop with a locked root account. By default
the grub boot loader generates a boot entry for rescue mode.
So, even if you lock down the BIOS to not allow booting from CD-ROM or
USB, and you password protect grub, someone could easily get root access
if you leave the laptop unattended for a moment.

I know that the only safe solution for this is to fully encrypt your
hard-drive. But there are lots of existing systems out there which
don't use full-disk encryption.
IMO the only safe solution would be if sulogin were changed to
check for "admin" accounts in case root is locked. In this case it would
ask for both username and password.

Admin accounts would be those in group sudo (Debian) or admin (Ubuntu).

Maybe I'm overly paranoid here, but maybe that helps to better
understand my concerns.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
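
The check proposed in the message above, sketched as an added example (it is not part of the original message and is not sulogin code): given shadow(5) and group(5) data, report whether root is locked and which accounts in group sudo or admin have a usable password. The function names and the account data are constructed for illustration; only supplementary memberships listed in the group file are considered.

```python
# Added example: helper names are hypothetical, account data is constructed.
ADMIN_GROUPS = ("sudo", "admin")  # Debian / Ubuntu, as named in the message

# Constructed shadow(5) sample: root and carol are locked ('!' prefix).
SHADOW = """\
root:!:17255:0:99999:7:::
alice:$6$constructedsalt$constructedhash:17255:0:99999:7:::
bob:$6$constructedsalt$constructedhash:17255:0:99999:7:::
carol:!$6$constructedsalt$constructedhash:17255:0:99999:7:::
"""

# Constructed group(5) sample.
GROUP = """\
root:x:0:
sudo:x:27:alice,carol
users:x:100:alice,bob
"""

def password_fields(shadow_text):
    """Map user name -> password field for shadow(5)-format lines."""
    fields = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            fields[parts[0]] = parts[1]
    return fields

def is_locked(field):
    """A field starting with '!' or '*' cannot match any typed password."""
    return field.startswith(("!", "*"))

def group_members(group_text, names):
    """Users listed as members of any of the named groups."""
    members = set()
    for line in group_text.splitlines():
        parts = line.split(":")
        if len(parts) == 4 and parts[0] in names:
            members.update(u for u in parts[3].split(",") if u)
    return members

def rescue_login_report(shadow_text, group_text):
    """Return (root_locked, admin accounts that have a usable password)."""
    fields = password_fields(shadow_text)
    root_locked = is_locked(fields.get("root", "*"))  # no root entry: treat as locked
    admins = group_members(group_text, ADMIN_GROUPS)
    usable = sorted(u for u in admins
                    if fields.get(u) and not is_locked(fields[u]))
    return root_locked, usable
```

With root locked and an empty candidate list, nobody could authenticate at the rescue prompt under this scheme.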
