From 46578f3f7dbaeebf92b0761f953cd05314fe4b11 Mon Sep 17 00:00:00 2001
From: Joanna Rutkowska
Date: Wed, 6 Apr 2011 13:09:17 +0200
Subject: [PATCH] Do not allow to login as root in Dom0 Anaconda apparently uses en empty password by default for root user -- this allows for trivial bypass of the screenlocker in Dom0 -- just switch to a text console and log in as root with empty password. So, we tell anaconda to lock this root account.
---
 anaconda/users.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/anaconda/users.py b/anaconda/users.py
index 67d15b2..1748dfd 100644
--- a/anaconda/users.py
+++ b/anaconda/users.py
@@ -96,7 +96,7 @@ class Users:
 def __init__ (self, anaconda):
 self.anaconda = anaconda
 self.admin = libuser.admin()
- self.rootPassword = { "isCrypted": False, "password": "", "lock": False }
+ self.rootPassword = { "isCrypted": False, "password": "", "lock": True }
 def createGroup (self, name=None, gid=None, root="/mnt/sysimage"):
 childpid = os.fork()
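Review bot: The new default on the `self.rootPassword` line flips only `"lock"` to True and still carries `"password": ""` with `"isCrypted": False`, so the protection rests entirely on the lock flag surviving until the account is written. The code that consumes this dict, and any installer or kickstart path that may reassign it, are outside the hunk; if one of them sets `"lock"` back to False without supplying a password, the empty-password root login described in the commit message comes back. I would add a comment above the assignment, `# root stays locked by default: an empty root password lets a text-console login bypass the Dom0 screen locker`, and, where the account is actually written, refuse the combination of an unlocked root account and an empty password. `__init__` is fully visible, but class `Users` starts before the hunk and continues after it.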