Kevin Funk [2008-06-24 15:48 -]:
I share the opinion of the reporters: it is a blatant security
hole because nobody expects this from a linux system.
Not at all. User/root passwords do not help in *any way* to protect
the system if you have local access and can reboot the machine (or
take
Is it possible to ask for a password even when no root password is set? Maybe
ask the password of uid=1000? I think this should be fixed for all users as its
a security hole.
I share the opinion of the reporters: it is a blatant security hole because
nobody expects this from a linux system.
Is it possible to ask for a password even when no root password is
set? Maybe ask the password of uid=1000
No. We need a way that users can reset their lost password
I think this should be fixed for all users as its a security hole
You need to do a lot more to create local security!
* Change
Copied to hardy-updates.
** Changed in: friendly-recovery (Ubuntu Hardy)
Status: Fix Committed = Fix Released
--
friendly-recovery drops to a root shell even when a root password is set
https://bugs.launchpad.net/bugs/220986
You received this bug notification because you are a member of
Am Donnerstag 15 Mai 2008 schrieb Martin Pitt:
Copied to hardy-updates.
** Changed in: friendly-recovery (Ubuntu Hardy)
Status: Fix Committed = Fix Released
why not to hardy-security? It is a security problem that needs to be fixed for
everybody.
--
Ernst Kloppenburg
Heimerdingen,
Ernst Kloppenburg [2008-05-15 6:20 -]:
why not to hardy-security? It is a security problem that needs to be fixed
for
everybody.
-updates is enabled by default, so unless you explicitly disabled it,
you will get it. Also, it's really at the edge of being called
'security' -- if you just
** Tags added: verification-done
** Tags removed: verification-needed
--
friendly-recovery drops to a root shell even when a root password is set
https://bugs.launchpad.net/bugs/220986
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Accepted into -proposed, please test and give feedback here
** Tags added: verification-needed
--
friendly-recovery drops to a root shell even when a root password is set
https://bugs.launchpad.net/bugs/220986
You received this bug notification because you are a member of Ubuntu
Bugs, which is
where can I find the updated package?
I looked in
http://archive.ubuntu.com/ubuntu/pool/main/f/friendly-recovery/
and in
http://archive.ubuntu.com/ubuntu/dists/hardy-proposed/main/binary-i386/Packages.gz
Am Freitag 09 Mai 2008 schrieb Martin Pitt:
Accepted into -proposed, please test
I followed steps 5 through 7 of the updated description above (using
friendly-recovery Version: 0.1.2)
It works as expected now: it does ask for the root password
pressing control-D instead of giving the root password brings you back
to selection screen.
--
friendly-recovery drops to a root
This bug was fixed in the package friendly-recovery - 0.2.2
---
friendly-recovery (0.2.2) intrepid; urgency=low
* usr/share/recovery-mode/options/root:
- use /sbin/sulogin to get a shell (LP: #220986)
-- Michael Vogt [EMAIL PROTECTED] Thu, 08 May 2008 11:33:29
+0200
**
** Also affects: friendly-recovery
Importance: Undecided
Status: New
--
friendly-recovery drops to a root shell even when a root password is set
https://bugs.launchpad.net/bugs/220986
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Here is the hardy debdiff:
diff -Nru friendly-recovery-0.1/debian/changelog
friendly-recovery-0.1.1/debian/changelog
--- friendly-recovery-0.1/debian/changelog 2008-04-11 13:17:48.0
+0200
+++ friendly-recovery-0.1.1/debian/changelog2008-05-08 11:40:13.0
+0200
@@ -1,3
Uploaded to hardy-proposed, waiting for approval
** Changed in: friendly-recovery (Ubuntu Hardy)
Importance: Undecided = High
Status: New = Fix Committed
** Changed in: friendly-recovery
Assignee: (unassigned) = Michael Vogt (mvo)
Status: New = Fix Released
** Changed in:
This is a regression -- the root password (if it is set) needs to be
required for a root prompt, just as the old recovery was done.
** Changed in: friendly-recovery (Ubuntu)
Importance: Undecided = High
Assignee: (unassigned) = Michael Vogt (mvo)
Target: None = ubuntu-8.04.1
--
Correct, i have set a root password, too. In early versions i ask for
password if set.
--
friendly-recovery drops to a root shell even when a root password is set
https://bugs.launchpad.net/bugs/220986
You received this bug notification because you are a member of Ubuntu
Bugs, which is
The maintainers consider it a feature!!! This bug has been reported
earlier, e.g. #10662, more than three years ago.
I share the opinion of the reporters: it is a blatant security hole
because nobody expects this from a linux system.
There are more security holes like that when you can edit the
Bug #10662 is similar to this one, but not the same. Bug #10662
describes that you can can boot into a root shell with the recovery
mode, when no password for root is set. This one here shows that this is
possible even though a password for root is set.
--
friendly-recovery drops to a root
after remove friendly-recovery it will ask for password
** Changed in: friendly-recovery (Ubuntu)
Status: New = Confirmed
--
friendly-recovery drops to a root shell even when a root password is set
https://bugs.launchpad.net/bugs/220986
You received this bug notification because you are
** Attachment added: Dependencies.txt
http://launchpadlibrarian.net/13836790/Dependencies.txt
** Visibility changed to: Public
--
friendly-recovery drops to a root shell even when a root password is set
https://bugs.launchpad.net/bugs/220986
You received this bug notification because you
20 matches
Mail list logo