Request for Help on release preparation (identify packages with known security issues)
mwester at dls.net
Sat Jul 19 17:50:53 CEST 2008
Holger Freyther wrote:
> as it would be bad to release a distribution with publically known security
> issues I request your help to go through the list and help to identify
> packages with known security issues.
:) Someone just noted on IRC that it's probably a poor idea to enable
wifi without a root password set.
The easiest and quickest fix would be to patch in a standard root
password into the image (sample patches already exist in OE for other
distros). This would provide default security similar to that provided
by common consumer devices such as routers.
Another approach would be to craft some sort of script that would
disable SSH logins via the wireless interface if the root password is
empty. That might be really tricky; I'm not sure if SSH can do that,
much less dropbear.
More information about the devel