[CentOS] Getting ready for CentOS 5.4

Christopher Chan christopher.chan at bradbury.edu.hk
Mon Mar 30 06:37:28 UTC 2009

Michael A. Peters wrote:
> Christopher Chan wrote:
>> start/stop' though from Intrepid onwards I believe. There is no root 
>> account by default.
> There is a root account, you just can't access it w/o setting it's password.
Oh you can. sudo -i. Now go away.
> And as soon as you do set it's password, I highly recommend you then 
> completely disable and lock down the very insecure sudo defaults.
And pick up the pieces. You do know that certain services are tightly 
tied into the way things are currently set up?
> The way OS X / ubuntu / etc configure sudo is something I highly 
> disagree with. By default, all a cracker needs is to get a local 
> uname/password for an admin user and he can then spawn a root shell.
Not getting into that argument.
> With sudo disabled, the cracker must also have a local exploit that gets 
> past SELinux. Assuming Ubuntu supports SELinux (does it?)

Unfortunately, yes...but not as extensive as RHEL. So not quite a win 
for Ubuntu yet in helping you guys migrate. Soon I am going to get 
banned. :-D

More information about the CentOS mailing list