Hi Andreas,

Dmitry Bogatov <kact...@debian.org> writes:
> [2016-05-07 11:12] Andreas Henriksson <andr...@fatal.se>
>> [...]
>> The initscripts package (src:sysvinit) needs equivalent changes to
>> restore the old status quo (and thus ignoring potential kiosk mode usecase
>> problems -- kiosk mode users should alter their init scripts and remove
>> the --force flag to be secure).
>
> Sounds convincing to me. So I prepared commit wip/bug-823660. Dear
> co-maintainers, any objections?

@Andreas, what do you mean by "kiosk mode"? Could you please define it precisely?

I don't think sysvinit should blindly follow the behavior of systemd. Entering the system as root without a password prompt is a severe security hole. You may argue that if a cracker gets physical access to the machine, the system is actually compromised. Well, a cracker, sometimes a thief, usually has a limited time to penetrate a computer physically, while a system administrator has a virtually infinite amount of time. Therefore, the ease of not entering the root password for the sysadmin does not shift the risk that the system gets compromised quickly.

> Andreas Henriksson <andr...@fatal.se>
>
> The systemd package has been updated to pass the --force flag.

As sulogin(8) says,

> Only use the -e option if you are sure the console is physically
> protected against unauthorized access.

Systemd imposes a big security risk on all the ignorant users without telling them they need to make sure their console is physically protected against unauthorized access, which is a harmful move we should not follow.

Yours,
Benda