Hi all, On Mon, Dec 06, 2021 at 12:33:21PM -0500, Ben Cotton wrote: > https://fedoraproject.org/wiki/Changes/FixRescueMode > > == Summary == > Fedora defaults to locking the root account, which is needed by > single-user mode. This Change uses `sulogin --force` so the password > request is bypassed under this circumstance. > Thanks for all the feedback. Going to do a reply here rather than in individual subthreads since I'm responding to several suggestions.
For those who thinks this is a security concern (granted, not a new one,
but one that is more convenient), requiring some password seems to be
the way out
- do we want to allow any /local/ %wheel users to log in?
- or do we want to use a recovery passphrase of some sort?
- TPM dependencies might not be appropriate
I'm leaning towards not rushing this and delaying to F37; Chris Murphy
raised a good question on whether the current bypass is fine for CoreOS
or not.
For F36 - I agree that it's better to *not* have a rescue mode than a
broken one. How about this as an end state we can realistically achieve:
- if the root password is set, rescue mode should appear in the GRUB
menu
- if the root password is not set
- rescue mode should not be listed
- if someone tries to invoke it, it should display an error rather
than prompting for a non-existent password
If that seems reasonable, we can figure out where to put the hooks next.
Best regards,
--
Michel Alexandre Salim
profile: https://keyoxide.org/[email protected]
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
