The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Getting root on Linux

I fail to see how just adding an option for the user to set a LILO
password at install time prevents users from getting in to the system
to fix it...!

Manoj Srivastava <srivasta@datasync.com> writes:

> Hi,
> 	[snipped non-Debian addresses off]
> >>"Brian" == Brian White <bcwhite@verisim.com> writes:
> 
> Brian> Can we adjust LILO to ship with the password enabled by
> Brian> default, then? Presumably it can be set to requires password
> Brian> with no password being set so that it is simply impossible to
> Brian> boot with parameters without manually setting a password (or
> Brian> disabling it).
> 
> 	I am all for security, generally, but I think that the
>  requirement for the password should not be set unless the password
>  has been set by the user. (I would hate it if on upgradng LILO, I
>  can't get back into my machine when things fail).
> 
> 	You can't ram security down peoples throats. Also, security is
>  always a matter of trade offs, and we should think carefully before
>  assuming what tradeoffs are ``right''. 
> 
> 	The lilo config should mention this in loud, screaming banner
>  headlines, maybe. But systems should not ship such that the customer
>  can't get to the machine after misconfiguring xdm.
> 
> 	Also, this level of security may not be required in many
>  cases, for dial-up machines in peoples homes (if you get to my
>  keyboard, data security is least of my worries).
> 
> 	I would suggest we modfy liloconfig to ask for, and set, a
>  password, if the user so wishes, but never to require a password with
>  no password provided.
> 
> 	manoj
> -- 
>  I can't drive 55.
> Manoj Srivastava               <url:mailto:srivasta@acm.org>
> Mobile, Alabama USA            <url:http://www.datasync.com/%7Esrivasta/>
> 
> 
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-private-request@lists.debian.org . 
> Trouble?  e-mail to templin@bucknell.edu .
> 

-- 
John Goerzen          | Running Debian GNU/Linux (www.debian.org)
Custom Programming    | Debian GNU/Linux is a free replacement for
jgoerzen@complete.org | DOS/Windows -- check it out at www.debian.org.
----------------------+----------------------------------------------
Notice: You may purchase the right to send me unsolicited commercial e-mail
("spam") for the fee of $500 (USD) per message.  Billing can be either
pre-arranged or can occur automatically after the reception of a spam.
Failure to pay will be treated in accordance to US Code, title 47, sec. 227,
which allows unsolicited e-mail to be punishable by action to recover actual
monetary loss or $500, whichever is greater, per violation.  Sending spam
to me without payment constitutes unauthorized access to my mail daemon,
which is in violation of federal law.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .