security issues
- From: Lamp <lampajoo@xxxxxxxxx>
- Date: Mon, 13 Mar 2006 18:04:20 -0600
"Karl Øie discovered that the Ubuntu 5.10 installer failed to clean
passwords in the installer log files. Since these files were
world-readable, any local user could see the password of the first
user account, which has full sudo privileges by default.
The updated packages remove the passwords and additionally make the
log files readable only by root."
Why on God's green earth was the password ever written to a file in
the first place?!?!?? I use ubuntu because it's "easy," not expecting
it to be ultra secure, but this is ridiculous. To compound the
problem the explanation given is awful... "since these files were
world-readable" should have been, "some dumbass wrote code that wrote
clear text passwords to disk"--the readability of the files is
irrelevant. I'm switching distros ASAP, there's no way I can trust
ubuntu after this.
--
lampajoo@xxxxxxxxx
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
- Follow-Ups:
- Please do NOT feed the Troll : was Re: security issues
- From: paul cooke
- Re: security issues
- From: Colin Watson
- Re: security issues
- From: Colin Brace
- Re: security issues - switching to what?
- From: Carl Karsten
- Re: security issues
- From: Dennis Kaarsemaker
- Re: security issues
- From: Vram
- Re: security issues
- From: Kenneth P. Turvey
- Re: security issues
- From: Darryl Clarke
- Re: security issues
- From: Julio Biason
- Re: security issues
- From: Michael V. De Palatis
- Please do NOT feed the Troll : was Re: security issues
- Prev by Date: New Ubuntu user. Whiching from Mozilla Firefox to Moxilla Thunderbird
- Next by Date: Re: New Ubuntu user. Whiching from Mozilla Firefox to Moxilla Thunderbird
- Previous by thread: New Ubuntu user. Whiching from Mozilla Firefox to Moxilla Thunderbird
- Next by thread: Re: security issues
- Index(es):
Relevant Pages
|
