Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 5 Mar 2009 10:15:50 -0500
From: "Michael K. Johnson" <johnsonm@...th.com>
To: oss-security@...ts.openwall.com
Subject: Re: lxc-sshd security issues?

On Wed, Mar 04, 2009 at 05:30:33PM -0500, Michael K. Johnson wrote:
> I have not received any response to this query upstream, and I
> was wondering if anyone else has noticed this issue, and if so,
> if they have any plans with regard to it.  rPath isn't shipping
> lxc at this point, so we have no plans for a security advisory.
> But does pre-configured account information including root and
> user passwords bother anyone else here?

I finally got the right contact info upstream, and we're talking
about this, so expect it to not be a problem in future releases.
For the record, it's dummy auth data, but still could be seen as a
backdoor, and will probably be changed to user-configured value.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.