Comment # 4 on bug 1029036 from
(In reply to Andreas Stieger from comment #3)
> Content of /etc/issue is shown to VT logins.
> VT login implies physical access to the machine.
> 
> That means that an adversary in this case can already retrieve the same
> information from the machine, plug into the network or steal it outright.
> 
> I do not see how presenting this information to VT logins crosses a
> privilege boundary. If that information was critical, you could not show the
> distribution name, date, kernel, or hostname either.
> 
> I also see a legitimate use case of identifying the machine to VM host or
> data center operators.
> 
> As such I do not see a security issue, and see no need to change this
> default based on security reasons alone. Closing AUDIT. If you think
> otherwise, please present a security case.
> 
> Assigning to maintainer to handle this as a usability issue. But as usual,
> you can argue for what the default should be both ways. Thorsten?

That's anti-logic.

Having physical access can ease the process of getting root access. Does that
mean the login prompt should publish the root password too? As a whole - why is
it important at all to know the eth adapter name and IP address? How has Linux
login been possible and not problematic for so many years and now suddenly it
has to be different?

The login is something crucial in any system, so it should not be a place that
provides additional info. On the contrary - it serves the purpose of
restricting access to information. So providing any extra information before
login is working against the very idea of having a restriction. It is
conceptually wrong.

