F14 Beta RC3 images available for validation testing!
Bruno Wolff III
bruno at wolff.to
Wed Sep 22 13:56:10 UTC 2010
On Wed, Sep 22, 2010 at 09:05:37 +0100,
Adam Williamson <awilliam at redhat.com> wrote:
>
> There's that, and logically speaking there's absolutely no reason to
> have a root password on a live image. You need to be able to boot the
> machine to run a live image, and any machine you can boot is a machine
> on which you have root access (it's trivial enough to find some kind of
> bootable media which gives you 'root' of some kind, or even to build
> your own).
The assumption that the person potentially getting root is able to boot the
system is not be correct in all use cases.
On a live image with an encrypted, persistent /home, you could in theory let
someone else use the image after it was booted. (Who wouldn't be able to
get /home mounted on their own.) They might not even being physically
present at the machine the image is running on.
If there is a compromise, not having a root password makes it trivial to
escalate the compromise to root access.
I think in situations where firstboot is run on live images, it probably
is reasonable to set a root password.
More information about the desktop
mailing list