Re: [patch] upon install of new operating system version, do not set root password to empty string
On Sun, Dec 03, 2017 at 08:31:34AM +, Robert Peichaer wrote:
> This is the exact code, that is already in install.sub.
> So I don't understand this proposal.
>
> --
> -=[rpe]=-

It's a joke diff only Mac users would have the capacity to understand.

See https://mobile.twitter.com/lemiorhan/status/935578694541770752
Re: [patch] upon install of new operating system version, do not set root password to empty string
2017-11-28 21:59 GMT-02:00 Ian Sutton:
> This is a highly theoretical and experimental mitigation which stops the
> root password on newly upgraded/installed systems from being an empty
> string. The thinking is that by not shipping an operating system with a
> known root password, certain classes of attacks involving logging into
> the root account might be avoided. I would like some feedback from the
> cryptography team as well as NIST finalists in order to better ascertain
> the implications of this behaviour.
>

I could install a system with empty root password, but with a ssh key
Re: [patch] upon install of new operating system version, do not set root password to empty string
On Wed, Nov 29, 2017 at 08:06:39AM +0100, Otto Moerbeek wrote:
> On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote:
>
> > This is a highly theoretical and experimental mitigation which stops the
> > root password on newly upgraded/installed systems from being an empty
> > string. The thinking is that by not shipping an operating system with a
> > known root password, certain classes of attacks involving logging into
> > the root account might be avoided. I would like some feedback from the
> > cryptography team as well as NIST finalists in order to better ascertain
> > the implications of this behaviour.
>
> Hmm, but afaiks, this is already done on install. What does your diff change?
>
> -Otto
>
> >
> > Index: src/distrib/miniroot/install.sub > > === > > RCS file: /cvs/src/distrib/miniroot/install.sub,v > > retrieving revision 1.1032 > > diff -u -p -r1.1032 install.sub > > --- src/distrib/miniroot/install.sub8 Aug 2017 07:14:05 - > > 1.1032 > > +++ src/distrib/miniroot/install.sub28 Nov 2017 23:43:56 - > > @@ -2732,12 +2732,6 @@ do_install() { > > > > echo > > > > + while :; do > > + ask_password "Password for root account?" > > + _rootpass="$_password" > > + [[ -n "$_password" ]] && break > > + echo "The root password must be set." > > + done > > > > # Ask for the root user public ssh key during autoinstall. > > _rootkey=

This is the exact code, that is already in install.sub.
So I don't understand this proposal.

--
-=[rpe]=-
Re: [patch] upon install of new operating system version, do not set root password to empty string
On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote:
> This is a highly theoretical and experimental mitigation which stops the
> root password on newly upgraded/installed systems from being an empty
> string. The thinking is that by not shipping an operating system with a
> known root password, certain classes of attacks involving logging into
> the root account might be avoided. I would like some feedback from the
> cryptography team as well as NIST finalists in order to better ascertain
> the implications of this behaviour.

Hmm, but afaiks, this is already done on install. What does your diff change?

-Otto

>
> Index: src/distrib/miniroot/install.sub > === > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.1032 > diff -u -p -r1.1032 install.sub > --- src/distrib/miniroot/install.sub 8 Aug 2017 07:14:05 - 1.1032 > +++ src/distrib/miniroot/install.sub 28 Nov 2017 23:43:56 - > @@ -2732,12 +2732,6 @@ do_install() { > > echo > > + while :; do > + ask_password "Password for root account?" > + _rootpass="$_password" > + [[ -n "$_password" ]] && break > + echo "The root password must be set." > + done > > # Ask for the root user public ssh key during autoinstall. > _rootkey=
Re: [patch] upon install of new operating system version, do not set root password to empty string
On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote:
> This is a highly theoretical and experimental mitigation which stops the
> root password on newly upgraded/installed systems from being an empty
> string. The thinking is that by not shipping an operating system with a
> known root password, certain classes of attacks involving logging into
> the root account might be avoided. I would like some feedback from the
> cryptography team as well as NIST finalists in order to better ascertain
> the implications of this behaviour.

Is this in response to
https://mobile.twitter.com/lemiorhan/status/935578694541770752 ?

> Index: src/distrib/miniroot/install.sub > === > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.1032 > diff -u -p -r1.1032 install.sub > --- src/distrib/miniroot/install.sub 8 Aug 2017 07:14:05 - 1.1032 > +++ src/distrib/miniroot/install.sub 28 Nov 2017 23:43:56 - > @@ -2732,12 +2732,6 @@ do_install() { > > echo > > + while :; do > + ask_password "Password for root account?" > + _rootpass="$_password" > + [[ -n "$_password" ]] && break > + echo "The root password must be set." > + done > > # Ask for the root user public ssh key during autoinstall. > _rootkey= >
[patch] upon install of new operating system version, do not set root password to empty string
This is a highly theoretical and experimental mitigation which stops the root password on newly upgraded/installed systems from being an empty string. The thinking is that by not shipping an operating system with a known root password, certain classes of attacks involving logging into the root account might be avoided. I would like some feedback from the cryptography team as well as NIST finalists in order to better ascertain the implications of this behaviour.

Index: src/distrib/miniroot/install.sub === RCS file: /cvs/src/distrib/miniroot/install.sub,v retrieving revision 1.1032 diff -u -p -r1.1032 install.sub --- src/distrib/miniroot/install.sub8 Aug 2017 07:14:05 - 1.1032 +++ src/distrib/miniroot/install.sub28 Nov 2017 23:43:56 - @@ -2732,12 +2732,6 @@ do_install() { echo + while :; do + ask_password "Password for root account?" + _rootpass="$_password" + [[ -n "$_password" ]] && break + echo "The root password must be set." + done # Ask for the root user public ssh key during autoinstall. _rootkey=
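
Review bot: the hunk header "@@ -2732,12 +2732,6 @@" does not match the hunk body in do_install(): it declares 12 lines on the old side and 6 on the new side, but the body carries six "+" lines (the "while :; do" ... "done" loop) and no "-" lines. A hunk that adds six lines to six lines of context would read "-2732,6 +2732,12", so as posted the counts are reversed and patch(1) will not accept it. Please regenerate the diff against the revision it names (1.1032) so that header and body agree, and check that the result still contains a change. If the loop is kept, note that the [[ -n "$_password" ]] test only rejects the empty string; the commit message should say that this is the whole of the check.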