root password

Bernardo Innocenti bernie at codewiz.org
Thu Jan 3 04:06:38 EST 2008 

Albert Cahalan wrote:

> I thought so to, but testing seems to show that pam_wheel.so
> will only protect transitions to the root account. It does not
> protect olpc, at least not without some undocumented option.

Are you thinking that we should disable the password for
the olpc user too?

Well, we should: if we don't, malicious activities will be
able to login as olpc :-)


>> Using just 2 shells was a way to save some memory.  Kids will
>> use none.  Whoever needs more can easily edit /etc/inittab.
> 
> Shall I write you a tty-watcher program in assembly code?
> 
> This really shouldn't cost much memory. Even with glibc,
> I doubt the dirty memory was all that much.
> 
> BTW, I'm serious about the assembly code.

Well, if it's just for fun... but I think the Python developers
would not appreciate it :-)

Seriously, before we start coding solutions, let's first reach
consensus with the security team on how we should handle login.
Otherwise we risk wasting effort.

I quite like this "Press ESC twice for shell" solution.  Reminds
of the FidoNet era, if you're old enough to know what I'm
talking about.


>> Good point, but if we left just that in place, we'd have to
>> ask people to use the ugly text console more often, where the
>> keyboard works partially and there's no cut & paste.
> 
> It's not ugly if you ship the nice 15x30 font I made.

Where is it?  Does it include a decent amount of unicode
glyphs?  sun12x22 has too few of these, so it doesn't even
support many European languages.


> Cut-and-paste can be fixed, with the difficulty depending
> on how perfect you want it. One can run gpm. This can
> be started when a user logs in on the console. One could
> even write something to feed that into the X clipboard and
> back.

Yes, theoretically.  But we don't ship gpm and we don't want
to put much more effort on improving the console environment
that only UNIX die hards like me and you enjoy using when we
still have a journal that eats files and a mouse cursor that
flashes when you render below it.

I'm almost going to reiterate my old "black text on white bg"
console patch, which nobody seemed to appreciate :-)

-- 
 \___/
 |___|   Bernardo Innocenti - http://www.codewiz.org/
  \___\  One Laptop Per Child - http://www.laptop.org/

More information about the Devel mailing list