root has access to console without password by default

Post by apsvett »

Hi,

not sure if this topic landed in the right area.. but here goes,

I downloaded the LMDE 201303rc from http://ftp.df.lth.se/pub/linuxmint/test ... bit-rc.iso
via the download section from linuxmint.com


there is imho a big issue/bug/feature which shouldn't be..

I discovered after installing this release that you can log in as root without using a password (since by default root is "disabled" by having no password) by switching to another console (e.g. Ctrl-Alt-F1) and just typing root, then pressing Enter, and you are in..
While this requires local physical access, this is still a HUGE! security problem! Anyone with access to the computer can get root access without any problem whatsoever.

I don't know if something went wrong with my installation that made this possible, even though I doubt it. I would be happy if anyone else has noticed this issue.

This only affects systems where you have not set a root password manually by doing e.g. sudo passwd

so if you are concerned about this, there are 2 ways to handle this.

1)
(this is what I recommend you do.. no user with blank password should ever have access to your system anyway)
edit your /etc/pam.d/common-auth and find this line:
auth [success=1 default=ignore] pam_unix.so nullok_secure

and either comment out 'nullok_secure' like this
auth [success=1 default=ignore] pam_unix.so #nullok_secure

or simply erase 'nullok_secure'

2)
set a password for the root account by e.g. doing sudo passwd

I tried to find any information about this on the forum and through Google but failed.. so either I suck at finding information or this is a new one..

/ronny
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
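
An added example, not part of the original post and not code from LMDE: a small shell audit for the two conditions the post above describes, an account whose shadow password field is empty and an active pam_unix.so line that still carries nullok or nullok_secure. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for empty-password accounts and for pam_unix.so lines
# that still permit them. Function names are illustrative, not from LMDE.

# Login names whose password field (2nd field, shadow format) is empty.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Active pam_unix.so lines carrying nullok or nullok_secure. Text after '#'
# is dropped first because PAM treats it as a comment.
pam_nullok_lines() {
    sed 's/#.*//' "$1" | awk '/pam_unix\.so/ {
        for (i = 1; i <= NF; i++)
            if ($i == "nullok" || $i == "nullok_secure") { print; next }
    }'
}

# Returns 0 only when neither condition is found in the two files.
audit() {
    status=0
    accounts=$(empty_password_accounts "$1")
    lines=$(pam_nullok_lines "$2")
    [ -z "$accounts" ] || { echo "empty password field: $accounts"; status=1; }
    [ -z "$lines" ] || { echo "empty passwords allowed by: $lines"; status=1; }
    return "$status"
}

# Constructed sample data, not taken from a real system.
tmp=$(mktemp -d)
cat > "$tmp/shadow" <<'EOF'
root::15780:0:99999:7:::
daemon:*:15780:0:99999:7:::
ronny:$6$constructedsalt$constructedhash:15780:0:99999:7:::
EOF
echo 'auth [success=1 default=ignore] pam_unix.so nullok_secure' > "$tmp/before"
echo 'auth [success=1 default=ignore] pam_unix.so #nullok_secure' > "$tmp/after"

audit "$tmp/shadow" "$tmp/before" || echo "-> default config: needs attention"
audit "$tmp/shadow" "$tmp/after" || echo "-> PAM fixed, root field still empty"
```

On an installed system, call `audit /etc/shadow /etc/pam.d/common-auth` as root, since /etc/shadow is not world-readable.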
Post by caf4926 »

Are you meaning in the installed system or the Live session?
Post by apsvett »

Yes, in the installed system, not the live CD..
caf4926 wrote: Are you meaning in the installed system or the Live session?
Post by caf4926 »

And do you mean

su -
And no password is requested?
Post by apsvett »

Sorry, maybe I didn't explain well enough.. I mean

you do CTRL-ALT-F1 (or any other F(x) console)

and this also means it doesn't matter if anyone is logged in and has locked the session, or if it is a newly started system.
caf4926 wrote: And do you mean

su -
And no password is requested?