
List:       bugtraq
Subject:    Re: piranha default password/exploit
From:       Matt Wilson <msw () REDHAT ! COM>
Date:       2000-04-27 4:26:11

On Tue, Apr 25, 2000 at 06:36:52PM -0700, CDI wrote:
> OK, so they've fixed the poorly thought out system call that led to
> this compromise, but I'd suggest a change to the RPM spec file for the
> next build. Something like this should work? (Philip?) - force them to set
> a password during the installation process...

Sorry, interactive RPMS are not supported at all.  If you were to do
this, the installer would hang during the installation of the piranha
package, waiting for input on a virtual console that the user will
never see.  We prefer to leave web administration interfaces such as
piranha and linuxconf disabled by default.  The latest package of
piranha (piranha-0.4.14-1.i386.rpm) disables the web interface until
enabled by the system administrator.

Matt
--
msw@redhat.com
Installer Developer
OS Development, Red Hat Inc.
