Re: F14 Beta RC3 images available for validation testing!




On Wed, Sep 22, 2010 at 09:05:37 +0100,
  Adam Williamson <awilliam@xxxxxxxxxx> wrote:
> 
> There's that, and logically speaking there's absolutely no reason to
> have a root password on a live image. You need to be able to boot the
> machine to run a live image, and any machine you can boot is a machine
> on which you have root access (it's trivial enough to find some kind of
> bootable media which gives you 'root' of some kind, or even to build
> your own).

The assumption that the person potentially getting root is able to boot the
system is not correct in all use cases.

On a live image with an encrypted, persistent /home, you could in theory let
someone else use the image after it was booted. (Who wouldn't be able to
get /home mounted on their own.) They might not even be physically
present at the machine the image is running on.

If there is a compromise, not having a root password makes it trivial to
escalate the compromise to root access.

I think in situations where firstboot is run on live images, it probably
is reasonable to set a root password.
-- 
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop

