Linked by Thom Holwerda on Sun 12th Mar 2006 20:46 UTC, submitted by lotusleaf
Ubuntu, Kubuntu, Xubuntu A major, critical bug and possible security threat has been discovered in Ubuntu Breezy. Apparently, the 'root' password (not actually the root password because Ubuntu uses sudo) gets written into the installer's log files in clear text, and can be read by any account on the Ubuntu machine. The bug was first discovered and reproduced on the Ubuntu forums. The bug does not seem to affect Dapper, however, users upgrading from Breezy to Dapper might still be at risk because the log files are not modified. Update: Bug is fixed. Please upgrade.
Thread beginning with comment 103747
To read all comments associated with this story, please click here.
to root or not to root
by baafie on Sun 12th Mar 2006 20:51 UTC
baafie
Member since:
2006-01-23

.. the 'root' password (not actually the root password because Ubuntu uses sudo)..

So is it the root password or not?

Reply Score: 1

RE: to root or not to root
by mallard on Sun 12th Mar 2006 20:54 in reply to "to root or not to root"
mallard Member since:
2006-01-06

No, it is the password of a user with full sudo priviledges, which is just as bad as a root passoword.

Ubuntu has root locked down by default, so there is no root password.

Reply Parent Score: 4

RE: to root or not to root
by battlehorse on Sun 12th Mar 2006 20:59 in reply to "to root or not to root"
battlehorse Member since:
2005-07-06

Ubuntu does not let you know the password for the 'root' user ( the real root password ) so that the beginner user cannot log in as root and do some damage. However, ubuntu enables the user which installs the system to use the 'sudo' command which allows the execution of commands as the root user (this is done to avoid using the root account unless when really needed, for example when installing new packages). To use the sudo command you will have to use your user password (the one you decided at install time). This one is the password which is available in clear text.

So, as you can see, the effect is the same even if it isn't the root password.

Reply Parent Score: 3

RE: to root or not to root
by atsureki on Sun 12th Mar 2006 21:00 in reply to "to root or not to root"
atsureki Member since:
2006-03-12

Edit: Never mind. Other people have explained the issue.

Edited 2006-03-12 21:02

Reply Parent Score: 1