[Fedora-livecd-list] A French Fedora LiveCD.
Jeremy Katz
katzj at redhat.com
Wed Mar 8 18:22:30 UTC 2006
On Wed, 2006-03-08 at 23:26 +0530, Rahul Sundaram wrote:
> Jeremy Katz wrote:
> >On Wed, 2006-03-08 at 08:29 -0500, J. Hartline wrote:
> >>Provide fedora and root usernames with blank passwords. Security is not
> >>a concern for a Live CD
> >
> >No! Security is very much a concern here. We need to make sure we
> >don't start a spread of worms from our live CD.
> >
> Auto login to a non administrative user called Fedora. How is that bad
> for security?
If you have ways to log in remotely, then it could allow for people to
log in and start running, eg, eggbots or any of a number of other things
if there's a blank password.
So it's not necessarily that auto-login to a non-administrative account
is bad (it probably does make sense). But just that thinking "oh,
security isn't a concern for a live cd" is not wise.
Jeremy
More information about the Fedora-livecd-list
mailing list