QubesOS/qubes-installer-qubes-os
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Do not allow to login as root in Dom0

Browse Source 
Anaconda apparently uses en empty password by default for root user -- this allows
for trivial bypass of the screenlocker in Dom0 -- just switch to a text console and log in as root
with empty password.

So, we tell anaconda to lock this root account.
This commit is contained in:
Joanna Rutkowska 2011-04-06 13:09:17 +02:00
parent d26b05710f
commit 46578f3f7d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
anaconda/users.py
View File

@ -96,7 +96,7 @@ class Users:
def __init__ (self, anaconda): def __init__ (self, anaconda):
self.anaconda = anaconda self.anaconda = anaconda
self.admin = libuser.admin() self.admin = libuser.admin()
self.rootPassword = { "isCrypted": False, "password": "", "lock": False } self.rootPassword = { "isCrypted": False, "password": "", "lock": True }
def createGroup (self, name=None, gid=None, root="/mnt/sysimage"): def createGroup (self, name=None, gid=None, root="/mnt/sysimage"):
childpid = os.fork() childpid = os.fork()