Mailinglist Archive: opensuse-factory (710 mails)

[Stefan Seyfried <stefan.seyfried@xxxxxxxxxxxxxx>]

Am Sun, 19 Jun 2011 11:28:36 +0200
schrieb Kim Leyendecker <kimleyendecker@xxxxxxxxxx>:

> In the installer of openSUSE 11.4 (and I guess also in 11.3, 11.2 and 
> 11.1) the toolbox "log in with this user automaticly" or something like 
> this is choosen as default. That means, if you just click on "next" 
> during installation, you will auto log in with your user, when you start 
> your system. This happens without any password-check.
> This might be good for people who just want to work with their PC and 
> don&acute;t think about the system. But it&acute;s a big security risk. 
> Think of you got personal files on your harddrive, and your user is 
> logged-in automaticly. Now, other people can easy get access to your 
> /home dir. They just need to start your PC.
> So, please, disable this by default!
>
> To drop a potential security lack

Sorry, but this is bullshit.

If you just clicked "next", then you also did not password-protect your
GRUB setup and did not encrypt your $HOME.

So people can get at your files regardless of the users password.
They'll simply boot with "init=/bin/sh", remove the root password and eat
your cake.

> To care about the user´s security

The user password has not that much to do with security.
-- 
Stefan Seyfried

"Dispatch war rocket Ajax to bring back his body!"
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx