#5058 NORM Never A: root password is empty and identical on all XO's
Zarro Boogs per Child
bugtracker at laptop.org
Wed Nov 21 13:26:51 EST 2007
#5058: root password is empty and identical on all XO's
-----------------------+----------------------------------------------------
Reporter: gnu | Owner: mstone
Type: defect | Status: new
Priority: normal | Milestone: Never Assigned
Component: security | Version: Build 623
Resolution: | Keywords:
Verified: 0 |
-----------------------+----------------------------------------------------
Comment(by AlbertCahalan):
Since ssh is set to refuse log in to an account without a password,
leaving off the password is actually best.
It will work to restrict access to run particular SUID programs. There are
numerous possible fixes that do not involve setting randomized passwords.
a. When setting up an activity, do file-on-file bind mounts to cover of
the setuid programs
b. Enable the wheel group, and put olpc into it. The terminal activity
runs as olpc; the untrusted activities do not.
c. Set the PAM config to require that root log in on the bare Linux
console. (use Alt-Ctrl-Fn-2 to get there)
d. Switch the Bitfrost implementation from dynamic user IDs to dynamic SE
Linux contexts, then use that to prevent transtioning into a role that can
do any damage. (again excluding the Terminal activity)
--
Ticket URL: <http://dev.laptop.org/ticket/5058#comment:2>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
More information about the Bugs
mailing list