On Tue, Nov 28, 2017 at 06:59:06PM -0500, Ian Sutton wrote: > This is a highly theoretical and experimental mitigation which stops the > root password on newly upgraded/installed systems from being an empty > string. The thinking is that by not shipping an operating system with a > known root password, certain classes of attacks involving logging into > the root account might be avoided. I would like some feedback from the > cryptography team as well as NIST finalists in order to better ascertain > the implications of this behaviour.
Is this in response to https://mobile.twitter.com/lemiorhan/status/935578694541770752 ? > Index: src/distrib/miniroot/install.sub > =================================================================== > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.1032 > diff -u -p -r1.1032 install.sub > --- src/distrib/miniroot/install.sub 8 Aug 2017 07:14:05 -0000 1.1032 > +++ src/distrib/miniroot/install.sub 28 Nov 2017 23:43:56 -0000 > @@ -2732,12 +2732,6 @@ do_install() { > > echo > > + while :; do > + ask_password "Password for root account?" > + _rootpass="$_password" > + [[ -n "$_password" ]] && break > + echo "The root password must be set." > + done > > # Ask for the root user public ssh key during autoinstall. > _rootkey= >
