Joseph Kowalski wrote:
>
> Uh right, but should the language talking about a potential major
> release binding be removed, then I think the following discussion
> still becomes relevant.
>
> Then again, maybe we should just derail this in general, just because
> this seems to have become rather "non-obvious"?
> (That's a question, not a statement.)
The original case, with the controversial language removed, seemed
relatively obvious to me. (I.e. allow a non-root user/password pair to
be used by sulogin.)
There are lot of administrative consequences of that (the credentials
need to be accessible for sulogin, and if you're doing this, are you
also doing other things to restrict access to the root account, etc.)
but I think they get into site administrative preferences, and aren't
*particularly* germane to this case.
I'd like to see the original case able to go forward without being
derailed (with the controversial language removed), because I think it
is potentially very useful to sites that want to limit the need for
shared root passwords, and I think derailing will just deepen the
rat-hole down which this conversation seems to be headed.
-- Garrett
>
> GO LAKERS!
>
> - jek3
>
>
>
> Garrett D'Amore wrote:
>> Can we stop arguing about this at this point? I think Joe asked for
>> the case to be modified to remove the contentious language. Either
>> it will, and all this argument is moot, or it won't, and the case
>> will be derailed.
>>
>> If the former, then having this discussion now is a waste of time.
>>
>> If the latter, then having this discussion right now is probably
>> still a waste of time, because at that point the project team is
>> probably going to need to prepare more complete case materials.
>>
>> Submitter, I haven't noticed, has the spec for this case been updated
>> as Joe requested? Or are you declining to do so?
>>
>> -- Garrett
>>
>> Darren Reed wrote:
>>> james hughes wrote:
>>>
>>>>
>>>> On May 13, 2008, at 4:50 PM, Bart Smaalders wrote:
>>>>
>>>>>
>>>>> How do I log into and configure a blank system image? Is a default
>>>>> account created that has this privilege, or does the lack of such
>>>>> an account mean that the system must be repaired by booting
>>>>> from alternate media?
>>>>
>>>>
>>>> Loosing or breaking the administrator's account is identical to
>>>> loosing root password.
>>>>
>>>>> How will we insure that there are real administrative users present
>>>>> in the password file?
>>>>
>>>>
>>>> The real administrative users present in the password file because
>>>> the initial installation put it there.
>>>>
>>>> This is not about the elimination of root as a much as it is the
>>>> ability to create a machine that has a no root password. Previous
>>>> methods of having root have a password are still possible.
>>>
>>>
>>> Are you not creating a root account or are you creating a root account
>>> but not using the root username?
>>>
>>> If you're creating a system administration account, but simply under
>>> another name, then there is no security benefit from this change -
>>> except that someone now has to "guess" the administration account
>>> name if they don't know it already...
>>>
>>> ...and this is where Windows is at today: it's come from having
>>> "administrator" as the default "root" account to creating a user
>>> account at install (using your name) that has full privilege,
>>> meaning malware likely has the required privilege it needs when
>>> opened via Outlook, even though the user who is logged in is
>>> not called "administrator", they still have "administrator" power.
>>> Net result: you have to guess an account name to try and login
>>> to the system with before going further.
>>>
>>> If there is no followup to this case to make the prescribed
>>> changes to root then I'd like the following questions to be
>>> answered as part of this case (if it hasn't been derailed yet):
>>>
>>> What are the security threats that this change is intended
>>> to provide protection from?
>>>
>>> How does this change mitigate the security threats that
>>> it is intending to provide protection from?
>>>
>>> What are the security risks that this change introduces?
>>>
>>> Darren
>>>
>>
>>
>
