[CentOS] Getting ready for CentOS 5.4

Christopher Chan christopher.chan at bradbury.edu.hk
Mon Mar 30 06:37:28 UTC 2009


Michael A. Peters wrote:
> Christopher Chan wrote:
>
>   
>> start/stop' though from Intrepid onwards I believe. There is no root 
>> account by default.
>>     
>
> There is a root account, you just can't access it w/o setting it's password.
>   
Oh you can. sudo -i. Now go away.
> And as soon as you do set it's password, I highly recommend you then 
> completely disable and lock down the very insecure sudo defaults.
>   
And pick up the pieces. You do know that certain services are tightly 
tied into the way things are currently set up?
> The way OS X / ubuntu / etc configure sudo is something I highly 
> disagree with. By default, all a cracker needs is to get a local 
> uname/password for an admin user and he can then spawn a root shell.
>   
Not getting into that argument.
> With sudo disabled, the cracker must also have a local exploit that gets 
> past SELinux. Assuming Ubuntu supports SELinux (does it?)

Unfortunately, yes...but not as extensive as RHEL. So not quite a win 
for Ubuntu yet in helping you guys migrate. Soon I am going to get 
banned. :-D


More information about the CentOS mailing list