[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora-livecd-list] A French Fedora LiveCD.



On Wed, 2006-03-08 at 23:26 +0530, Rahul Sundaram wrote:
> Jeremy Katz wrote:
> >On Wed, 2006-03-08 at 08:29 -0500, J. Hartline wrote:
> >>Provide fedora and root usernames with blank passwords. Security is not 
> >>a concern for a Live CD
> >
> >No!  Security is very much a concern here.  We need to make sure we
> >don't start a spread of worms from our live CD.
> >
> Auto login to a non administrative user called Fedora. How is that bad 
> for security?

If you have ways to log in remotely, then it could allow for people to
log in and start running, eg, eggbots or any of a number of other things
if there's a blank password.

So it's not necessarily that auto-login to a non-administrative account
is bad (it probably does make sense).  But just that thinking "oh,
security isn't a concern for a live cd" is not wise.

Jeremy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]