Jaffa
Posts: 2,535 | Thanked: 6,681 times | Joined on Mar 2008 @ UK
#22
Originally Posted by thp
What's defined as "trivial attack vector", and which kind of password is to be prompted during installation? Isn't that a hassle for the user to always enter a password during installation (and maybe upgrade) of a daemon? (I'm specifically thinking of headphoned here, because this change would probably affect my package and cause more work with no real benefit for me or the user in the case of headphoned)
The most obvious example of a "trivial attack vector" would be if the OpenSSH server didn't prompt for a new root password. The factory root password of Maemo is well known, and the daemon is started at runtime.

headphoned doesn't listen on any remote port and only communicates with Bluetooth (AIUI, although it doesn't pause when my BT headphones disconnect, so maybe I misread that).

Perhaps it'd be better defined as "trivial remote attack vector"?
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
 
