http://bugzilla.opensuse.org/show_bug.cgi?id=1029036
http://bugzilla.opensuse.org/show_bug.cgi?id=1029036#c4
--- Comment #4 from George Anchev
Content of /etc/issue is shown to VT logins. VT login implies physical access to the machine.
That means that an adversary in this case can already retrieve the same information from the machine, plug into the network or steal it outright.
I do not see how presenting this information to VT logins crosses a privilege boundary. If that information was critical, you could not show the distribution name, date, kernel, or hostname either.
I also see a legitimate use case of identifying the machine to VM host or data center operators.
As such I do not see a security issue, and see no need to change this default based on security reasons alone. Closing AUDIT. If you think otherwise, please present a security case.
Assigning to maintainer to handle this as a usability issue. But as usual, you can argue for what the default should be both ways. Thorsten?
That's anti-logic. Having physical access can ease the process of getting root access. Does that mean the login prompt should publish the root password too? As a whole - why is it important at all to know the eth adapter name and IP address? How has linux login been possible and not problematic for so many years and now suddenly it has to be different? The login is something crucial in any system, so it should not be a place that provides additional info. On the contrary - it serves the purpose of restricting access to information. So providing extra any information before login is working against the very idea of having a restriction. It is conceptually wrong. -- You are receiving this mail because: You are on the CC list for the bug.