[TriLUG] Ubuntu - great security - you'll love this
Ian Kilgore
ian at trilug.org
Mon Mar 13 16:50:07 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tanner Lovelace wrote:
|>From what I've read, this only seems to affect Ubuntu Breezy and
| not previous or later releases. It would also affect Dapper installations
| that have upgraded from Breezy. Upgrading the passwd package
| (which should be in the normal updates, I assume) will fix the problem.
| (All of which was mentioned in the link Dan posted.)
|
| Cheers,
| Tanner
The Ubuntu installer logged all questions asked and answered. The first
user's password was an installer question. The answer gets logged.
Joy! However, it is /not/, as some slashdotters seem to think, as
blatant as "fprintf(log, "The root password is: %s\n", password);" =D
It was more like Something Ian Would Do(tm), which involves forgetting a
whole lot of things ;]
btw, for the other slashdotters, who have been complaining "the updates
only fix the installer, what about the logs? (from the advisory):
"The updated packages remove the passwords and additionally make the
log files readable only by root."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEFekPwsRpgTiXSOERAo9iAJ93XjajRNiWTvo8Cj0mAcMoOzS1HwCgyeyi
vMOiJpgkm8+CMGbNCKFCtQE=
=aQNW
-----END PGP SIGNATURE-----
More information about the TriLUG
mailing list