On Tue, Jul 14, 2009 at 07:37:28PM +0300, Tzafrir Cohen wrote: > Rationale: my live CD exposes an ssh server by default, which is a basic > requirement. I would thus like to allow the user to give some minimal > security from remote attackers who happen to read the documentation that > includes the default password.
Hiding it from remote attackers is indeed a noble cause. Sadly it was poorly implemented: http://updates.xorcom.com/iso/live-2.0.0-beta_config/config/chroot_local-includes/etc/apache2/conf.d/live_media.conf Fixed with an expliict alias of live.cfg to /dev/null . -- Tzafrir Cohen icq#16849755 jabber:[email protected] +972-50-7952406 mailto:[email protected] http://www.xorcom.com iax:[email protected]/tzafrir -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
