On 08/20/2014 10:55 AM, Ondřej Surý wrote:
> So instead of improving the default debian template and fixing it for
> everyone you just fixed the issue in your own code. That's not the way
> we are ought to do the packaging
instead of assuming bad faith, you could go with what really happened:
On Tue, Aug 19, 2014, at 18:39, Daniel Baumann wrote:
> tag 758643 pending
> forwarded 758643 https://github.com/lxc/lxc/issues/302
> thanks
>
> On 08/19/2014 05:10 PM, Ondřej Surý wrote:
> > Attached is a simple fix that generates random password using pwgen
> > package.
>
> my lxc-debconfig pre
On 08/19/2014 06:39 PM, Daniel Baumann wrote:
> my lxc-debconfig previously used as lxc-debian used to use /dev/random
> for mac address thus not having a depends on anything, similar could be
> done for a random password
in fact, it also did it for the root password:
---snip---
[...]
# Create a
Processing commands for cont...@bugs.debian.org:
> tag 758643 pending
Bug #758643 [lxc] lxc-create creates vulnerable system in default debian
template
Added tag(s) pending.
> forwarded 758643 https://github.com/lxc/lxc/issues/302
Bug #758643 [lxc] lxc-create creates vulnerable system in default
tag 758643 pending
forwarded 758643 https://github.com/lxc/lxc/issues/302
thanks
On 08/19/2014 05:10 PM, Ondřej Surý wrote:
> Attached is a simple fix that generates random password using pwgen
> package.
my lxc-debconfig previously used as lxc-debian used to use /dev/random
for mac address thus
Package: lxc
Version: 1:1.0.5-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
lxc-create will by default set root password to 'root'.
This is a horrible practice and together with default installation of
openssh-server with PermitRootLogin yes create a security h
6 matches
Mail list logo
