__/ [ thorne25@xxxxxxxx ] on Monday 13 March 2006 16:08 \__
> Roy Schestowitz wrote:
>> __/ [ Edwin ] on Monday 13 March 2006 03:09 \__
>>
>> > On Sun, 2006-03-12 at 06:20 +0000, Lobo wrote:
>> >> http://www.ubuntu.com/testing/flight5
>> >>
>> >> "We are now in the final stages of Dapper Drake development. Everything
>> >> is stabilizing, and Ubuntu 6.04 will certainly be a top-notch
>> >> professional OS."
>> >>
>> >> Looking good. Maybe this will be the Linux distro that even tabby can
>> >> install ;-)
>> >
>> > Why would he have any problem with Breezy Badger? ...
>>
>>
>> Why? I'll tell you why...
>>
>> http://www.ubuntu.com/usn/usn-262-1
>
> I was already aware of that before I asked my question, thanks.
>
>> What they will not tell you is that silly Ubuntu programmers
>> /accidentally/ left a back door for root access. The first account to have
>> been created had a password stored in plain text in one of the log files.
>> Essentially, it is possibly that standard users on a particular machine
>> could snatch the root password. It is *NOT* a Linux issue, but
>> incompetence of just one team, which exposes the machine to its privileged
>> users.
>
> So this is really only an issue for machines with multiple users who
> know something about the Linux password system. OTOH, "In general, a
> standard system upgrade is sufficient to effect the necessary changes"
>
> In my case I'm the only user, and the system was upgraded as soon as my
> DSL was attached.
>
>> Mind you, Windows administrator access is easier to break. All you need to
>> do is boot from a floppy.
>
> Most Windows users don't bother with User accounts at all, from what
> I've seen, or even with an Admin password. Just turn on their
> machine and you're in. ;-)
>
>>
>> > ... I got it free in
>> > Linux Magazine, and it installed just fine for me, then it automatically
>> > installed 55 updates, and another 7 updates tonight.
>>
>>
>> If you had several users on that same machine, be sure to change the root
>> password.
>>
>> Best wishes,
>
> Thanks, Roy. I think the upgrade took care of it, but even so, it's
> not really a problem for me.
Some Windows users who feel threatened by the Linux wave blew it out of
propertion in Digg /et al/. They did the same to Mac OS X.
We have both realised that this issue affects only systems where users are
granted accounts although they cannot be trusted. I have two machines where
'foreign' accounts exist, but both secondary users are friends or
colleagues. One runs Hoary and one runs SuSE, so none was under jeopardy. In
fact, I would love to hear about 'distaster stories' as I doubt any shall
come up.
Weak password choices on non-admin accounts are probably the biggest hole in
(X)Ubuntu 5.10 (Badget), for those who have not upgraded (patched up) yet.
If I recall correctly, however, SSH daemon is unavailable and thus disabled
by default in Ubuntu installations.
Best wishes,
Roy
--
Roy S. Schestowitz | Useless fact: 85% of plant life in in the oceans
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
4:35pm up 5 days 9:12, 7 users, load average: 0.73, 0.66, 0.61
http://iuron.com - Open Source knowledge engine project
|
|
