Bug 703917 - Unauthenticated remote network login during install
Summary: Unauthenticated remote network login during install
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: anaconda
Version: 5.6
Hardware: s390
OS: Unspecified
Target Milestone: rc
Assignee: Anaconda Maintenance Team
QA Contact: Release Test Team
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-05-11 16:24 UTC by Philip Rowlands
Modified: 2011-05-27 12:25 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-18 19:42:29 UTC
Target Upstream Version:



Description Philip Rowlands 2011-05-11 16:24:54 UTC
During RHEL s390 installs, unauthenticated root access is provided over the network via telnet (xinetd) and ssh (sshd). For interactive installs this access is required for the first and second stage installer dialogs.

However, during unattended kickstart installations (where RUNKS=1 is specified), the ability to log in as root with no password is a potential security hole.

Suggested fix is to extend RUNKS or add a new variable to support the notion of "kickstart without network login".

Comment 1 David Cantrell 2011-05-18 19:42:29 UTC
It's too late in the RHEL-5 development cycle to introduce a change like this.  We should address this first in Fedora, then a backport to the RHEL code can be determined.

Comment 2 Philip Rowlands 2011-05-27 12:25:37 UTC
RHEL 5 is in the "Production 1" phase of the Life Cycle, but "qualified security errata" are issued even into "Production 3". 

If unauthenticated root login over the network isn't an important security issue, I don't know what is...

