On Thu, May 01, 2008 at 05:39:07PM +0300, Tzafrir Cohen wrote:
> On Thu, May 01, 2008 at 09:48:45AM -0400, John Reese wrote:
>> Marco Amadori wrote:
>>> ssh wise, Ubuntu's choice is more secure, because it disallows ssh
>>> logins if the local console user did not provide a new password.
>>>
>>> I think that using a NULL password like Ubuntu does and providing
>>> both an interactive way to change it and a boot parameter could
>>> be the way I would like to have the user password managed.
>>>
>>> That way we could have a more secure default image approach, a
>>> secure personal use approach and the ability to set a password
>>> easily at build time.
>>
>> I have to agree with this. I really like the Ubuntu approach to
>> securing the root/default users, and I'd like to put my support
>> behind making this behavior the preferred method.
>
> A user has to install ssh explicitly, anyway. But what happens when
> that "secure" user installs a service that doesn't care about empty
> passwords?

What kind of user?

- An end user running the default Debian Live system; changing the /cow
  which will be lost on boot.
- A similar end user running a customized Live system created by an
  (intermediary) lh user; or
- An (intermediary) lh user, creating a Live system with on-by-default
  attackable services like ssh and httpd?

It seems to me that these cases are fundamentally different, and should
be considered separately.

