subject:"\[patch\] upon install of new operating system version, do not set root password to empty string"

Re: [patch] upon install of new operating system version, do not set root password to empty string

2017-12-04 Thread Stefan Sperling

On Sun, Dec 03, 2017 at 08:31:34AM +, Robert Peichaer wrote:
> This is the exact code, that is already in install.sub.
> So I don't understand this proposal.
> 
> -- 
> -=[rpe]=-

It's a joke diff only Mac users would have the capacity to understand.
See https://mobile.twitter.com/lemiorhan/status/935578694541770752

Re: [patch] upon install of new operating system version, do not set root password to empty string

2017-12-04 Thread Rodrigo Mosconi

2017-11-28 21:59 GMT-02:00 Ian Sutton :

> This is a highly theoretical and experimental mitigation which stops the
> root password on newly upgraded/installed systems from being an empty
> string. The thinking is that by not shipping an operating system with a
> known root password, certain classes of attacks involving logging into
> the root account might be avoided. I would like some feedback from the
> cryptography team as well as NIST finalists in order to better ascertain
> the implications of this behaviour.
>


I could install a system with empty root password, but with a ssh key

Re: [patch] upon install of new operating system version, do not set root password to empty string

2017-12-03 Thread Robert Peichaer

On Wed, Nov 29, 2017 at 08:06:39AM +0100, Otto Moerbeek wrote:
> On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote:
> 
> > This is a highly theoretical and experimental mitigation which stops the
> > root password on newly upgraded/installed systems from being an empty
> > string. The thinking is that by not shipping an operating system with a
> > known root password, certain classes of attacks involving logging into
> > the root account might be avoided. I would like some feedback from the
> > cryptography team as well as NIST finalists in order to better ascertain
> > the implications of this behaviour.
> 
> Hmm, but afaiks, this is already done on install. What does you diff change?
> 
>   -Otto
> 
> > 
> > Index: src/distrib/miniroot/install.sub
> > ===
> > RCS file: /cvs/src/distrib/miniroot/install.sub,v
> > retrieving revision 1.1032
> > diff -u -p -r1.1032 install.sub
> > --- src/distrib/miniroot/install.sub8 Aug 2017 07:14:05 -   
> > 1.1032
> > +++ src/distrib/miniroot/install.sub28 Nov 2017 23:43:56 -
> > @@ -2732,12 +2732,6 @@ do_install() {
> >  
> > echo
> >  
> > +   while :; do
> > +   ask_password "Password for root account?"
> > +   _rootpass="$_password"
> > +   [[ -n "$_password" ]] && break
> > +   echo "The root password must be set."
> > +   done
> >  
> > # Ask for the root user public ssh key during autoinstall.
> > _rootkey=

This is the exact code, that is already in install.sub.
So I don't understand this proposal.

-- 
-=[rpe]=-

Re: [patch] upon install of new operating system version, do not set root password to empty string

2017-11-28 Thread Otto Moerbeek

On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote:

> This is a highly theoretical and experimental mitigation which stops the
> root password on newly upgraded/installed systems from being an empty
> string. The thinking is that by not shipping an operating system with a
> known root password, certain classes of attacks involving logging into
> the root account might be avoided. I would like some feedback from the
> cryptography team as well as NIST finalists in order to better ascertain
> the implications of this behaviour.

Hmm, but afaiks, this is already done on install. What does you diff change?

-Otto

> 
> Index: src/distrib/miniroot/install.sub
> ===
> RCS file: /cvs/src/distrib/miniroot/install.sub,v
> retrieving revision 1.1032
> diff -u -p -r1.1032 install.sub
> --- src/distrib/miniroot/install.sub  8 Aug 2017 07:14:05 -   1.1032
> +++ src/distrib/miniroot/install.sub  28 Nov 2017 23:43:56 -
> @@ -2732,12 +2732,6 @@ do_install() {
>  
>   echo
>  
> + while :; do
> + ask_password "Password for root account?"
> + _rootpass="$_password"
> + [[ -n "$_password" ]] && break
> + echo "The root password must be set."
> + done
>  
>   # Ask for the root user public ssh key during autoinstall.
>   _rootkey=

Re: [patch] upon install of new operating system version, do not set root password to empty string

2017-11-28 Thread Stefan Sperling

On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote:
> This is a highly theoretical and experimental mitigation which stops the
> root password on newly upgraded/installed systems from being an empty
> string. The thinking is that by not shipping an operating system with a
> known root password, certain classes of attacks involving logging into
> the root account might be avoided. I would like some feedback from the
> cryptography team as well as NIST finalists in order to better ascertain
> the implications of this behaviour.

Is this in response to
https://mobile.twitter.com/lemiorhan/status/935578694541770752 ?
 
> Index: src/distrib/miniroot/install.sub
> ===
> RCS file: /cvs/src/distrib/miniroot/install.sub,v
> retrieving revision 1.1032
> diff -u -p -r1.1032 install.sub
> --- src/distrib/miniroot/install.sub  8 Aug 2017 07:14:05 -   1.1032
> +++ src/distrib/miniroot/install.sub  28 Nov 2017 23:43:56 -
> @@ -2732,12 +2732,6 @@ do_install() {
>  
>   echo
>  
> + while :; do
> + ask_password "Password for root account?"
> + _rootpass="$_password"
> + [[ -n "$_password" ]] && break
> + echo "The root password must be set."
> + done
>  
>   # Ask for the root user public ssh key during autoinstall.
>   _rootkey=
>

[patch] upon install of new operating system version, do not set root password to empty string

2017-11-28 Thread Ian Sutton

This is a highly theoretical and experimental mitigation which stops the
root password on newly upgraded/installed systems from being an empty
string. The thinking is that by not shipping an operating system with a
known root password, certain classes of attacks involving logging into
the root account might be avoided. I would like some feedback from the
cryptography team as well as NIST finalists in order to better ascertain
the implications of this behaviour.

Index: src/distrib/miniroot/install.sub
===
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1032
diff -u -p -r1.1032 install.sub
--- src/distrib/miniroot/install.sub8 Aug 2017 07:14:05 -   1.1032
+++ src/distrib/miniroot/install.sub28 Nov 2017 23:43:56 -
@@ -2732,12 +2732,6 @@ do_install() {
 
echo
 
+   while :; do
+   ask_password "Password for root account?"
+   _rootpass="$_password"
+   [[ -n "$_password" ]] && break
+   echo "The root password must be set."
+   done
 
# Ask for the root user public ssh key during autoinstall.
_rootkey=

Re: [patch] upon install of new operating system version, do not set root password to empty string

Re: [patch] upon install of new operating system version, do not set root password to empty string

Re: [patch] upon install of new operating system version, do not set root password to empty string

Re: [patch] upon install of new operating system version, do not set root password to empty string

Re: [patch] upon install of new operating system version, do not set root password to empty string

[patch] upon install of new operating system version, do not set root password to empty string

6 matches

Site Navigation

Mail list logo

Footer information