Password compromise in Ubuntu
Sarunas
sarunas at mail.saabnet.com
Tue Mar 28 14:20:12 EST 2006
Bill Sconce wrote:
> I meant to post this when I first encountered it -- by now everyone may
> already know about it. But if not...
>
> Ubuntu Breezy's installer keeps a log of what you tell it during the
> question-and-answer dialogue. This unfortunately includes the password
> you create for the first user. The first user has sudo privileges.
>
> I've used shred(1) on the log files on my Ubuntu systems. In the future
> I think it'll be a good idea to DELETE that first user after getting
> the real users set up. (In addition to trusting Ubuntu to have fixed
> the problem, which they have for Dapper.) You may want to adopt yet
> another approach. But for sure anyone running Ubuntu should know about
> the vulnerability.
As far as my experience tells, this only applies if non-expert install
mode was used.
--
Sarunas Burdulis
Systems Administrator
Department of Mathematics
313 Bradley Hall, Dartmouth College
(603) 646-9255
More information about the gnhlug-discuss
mailing list