A Topic that needs to be discussed on next the QA meeting..
Andrew Farris
lordmorgul at gmail.com
Tue Mar 18 11:34:32 UTC 2008
Alan Cox wrote:
> On Tue, Mar 18, 2008 at 01:38:56AM -0700, Andrew Farris wrote:
>> Well, thats true, but firstboot could disable ssh for root once a user
>> account is created (unless a checkbox was left enabled or something).. and
>> you'd still get perfectly acceptable behavior for headless installs.
>
> Root isn't the high risk. User accounts and sshd bugs are the high risk.
Well I understand why those are a high risk, but with root at least the attacker
knows the username, normal usernames is a double blind brute force right? I
know my own system used to see many more root attempts than anything else, and a
typical desktop user of the inexperienced kind is going to have the same root
password and user password. If root is allowed to login remotely its *a risk*
at least.
--
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
---- ----
More information about the fedora-test-list
mailing list