Linux Mint Forums

[clem]

A very important bug has been found in mintAssistant 2.4 which was released as part of Linux Mint 5 Elyssa.

Explanation

When the root password is not set the root account is still active, and rather than this consequently preventing any root login, it actually means you can login as root without any password at all.

Cause

This regression is due to a change in behavior in passwd from Gutsy to Hardy and a request from the community after RC1 was released not to lock the root account (so that "sudo su -" is still possible).

Solution

- A fix has been released in mintAssistant 2.5. When you select not to use the root password, the root account is now given a randomly generated password.
- The ISO images for both the Main and Light Editions will be rebuilt to include this fix.

What you need to do

- Upgrade mintAssistant to version 2.5.
- Launch mintAssistant and choose whether you want to set a root password or not. If you choose not to, a random password will be assigned for you.

Edit by Husse//
I strongly recommend you to set a root password. If you don't you will not be able to use "Recovery mode" which is a powerful helper when things go wrong.

[Lantesh]

Clem,

I just wanted to let you know that mintUpdate still does not always show updates unless I open it, wait for it to do it's check, and then hit refresh again. After doing this mintAssistant 2.5 did indeed show up. In general I do still have to do this each time to see what updates are available.

Might I request that after you have posted the new .iso file for Mint 5 that you announce it in this thread as a follow up? Once it's ready I would like to download it again so my CD is up to date without this security flaw.

By the way I'm impressed that you found this and have a fix so quickly, considering it's only been a few days since launch. Thank you so much.

[clem]

Hi,

The two ISOs are now ready. I'll just pass them through some basic tests before uploading them to the server. They should be uploaded tomorrow during the day and from there picked up by the mirrors up to 48 hours later.

Clem.

[trod]

How do you launch mintassistant ?
Thanks

[exploder]

Go to > Control Center > System > mintassistant

[trod]

thanks but I removed it first before installing 2.5 and now it doesent show on that menu. Any other way to launch it?

[kenetics]

So are you saying if you HAVE set a root password there is no problem?

[exploder]

trod, right click on the menu and choose "Reload Plugins", that should get the menu item to appear.

[tawan]

fix is easy to do and worked for me

thanks Clem (and Cathbard)

[matheos]

since i have installed the last version of mintAssistant 2.5 in Elyssa, i don't need any password at all to use the "sudo" command......to do....whatever i want

i think than it was not like that before...

[cathbard]

So are you saying if you HAVE set a root password there is no problem?

That's exactly what he's saying. The bug occurs when you don't set a root password in mint assistant 2.4

[eeezzzeee]

Other than at install I have never actually used mintassistant, is this something that I can remove? or is an integral part of the distro?
I added a root password and it accepted it, and then I clicked on mint assistant again and to see what it did, and it asked me if i wanted to enable a root password.

*edit-
after a reboot it asked me for my user password to get into the mintassistant

[matheos]

Post by matheos on Wed Jun 11, 2008 8:55 pm
since i have installed the last version of mintAssistant 2.5 in Elyssa, i don't need any password at all to use the "sudo" command......to do....whatever i want

i think than it was not like that before...
since i have installed the last version of mintAssistant 2.5 in Elyssa, i don't need any password at all to use the "sudo" command......to do....whatever i want

i think than it was not like that before...

correction : it's cause i've did sudo su one time before..... but i really have to do a complete reboot before have the password request again on a sudo command

if i logout and relogin, the bug is still there... but not in a tty (CTRL+ALT+F1)

i have two zombie process ( gnome-terminal and sh ) i'm not able to kill them event with kill -9 command probably the source of the bug

[badmotor]

I have also had my mint assistant disappear - tried 'reload plugins' and it still didn't come back.

Any ideas?

[Sakonim]

I have also had my mint assistant disappear - tried 'reload plugins' and it still didn't come back.

Any ideas?

Have you tried getting to it from the standard gnome menu? You open it by doing alt + f1.