Can we stop arguing about this at this point? I think Joe asked for the
case to be modified to remove the contentious language. Either it will,
and all this argument is moot, or it won't, and the case will be derailed.
If the former, then having this discussion now is a waste of time.
If the latter, then having this discussion right now is probably still a
waste of time, because at that point the project team is probably going
to need to prepare more complete case materials.
Submitter, I haven't noticed, has the spec for this case been updated as
Joe requested? Or are you declining to do so?
-- Garrett
Darren Reed wrote:
> james hughes wrote:
>
>>
>> On May 13, 2008, at 4:50 PM, Bart Smaalders wrote:
>>
>>>
>>> How do I log into and configure a blank system image? Is a default
>>> account created that has this privilege, or does the lack of such
>>> an account mean that the system must be repaired by booting
>>> from alternate media?
>>
>>
>> Loosing or breaking the administrator's account is identical to
>> loosing root password.
>>
>>> How will we insure that there are real administrative users present
>>> in the password file?
>>
>>
>> The real administrative users present in the password file because
>> the initial installation put it there.
>>
>> This is not about the elimination of root as a much as it is the
>> ability to create a machine that has a no root password. Previous
>> methods of having root have a password are still possible.
>
>
> Are you not creating a root account or are you creating a root account
> but not using the root username?
>
> If you're creating a system administration account, but simply under
> another name, then there is no security benefit from this change -
> except that someone now has to "guess" the administration account
> name if they don't know it already...
>
> ...and this is where Windows is at today: it's come from having
> "administrator" as the default "root" account to creating a user
> account at install (using your name) that has full privilege,
> meaning malware likely has the required privilege it needs when
> opened via Outlook, even though the user who is logged in is
> not called "administrator", they still have "administrator" power.
> Net result: you have to guess an account name to try and login
> to the system with before going further.
>
> If there is no followup to this case to make the prescribed
> changes to root then I'd like the following questions to be
> answered as part of this case (if it hasn't been derailed yet):
>
> What are the security threats that this change is intended
> to provide protection from?
>
> How does this change mitigate the security threats that
> it is intending to provide protection from?
>
> What are the security risks that this change introduces?
>
> Darren
>
