Root Password Readable in Clear Text with Ubuntu

BBitmaster writes "An extremely critical bug and security threat was discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file. Apparently the installer fails to clean its log files and leaves them readable to all users. The bug has been fixed, and only affects The 5.10 Breezy Badger release. Ubuntu users, be sure to get the patch right away."

Open source

[L505]

What's the problem? Open source passwords make it more secure.

The cyberpunk credo comes to mind...

[Anonymous Coward]

Information wants to be free

windows

[Chimera512]

see this is why i use windows. there are never security patches to install, just service packs which allow me to get new secutiry features like windows firewall. nothing beats windows security, and there's that helpful blue screen to tell me if something's gone wrong.

steenkin batchers

[Anonymous Coward]

Fuuuuck.

I knew I never should have trusted those badgers.

Smiling at me with their big cartoon teeth, eating up all the aspen, wanting to admin their own machines.

I've been a sap, and it's going to cost me.

And now I'm worried about the hedgehogs.

Re:okay

[MichaelSmith]

A patch in 2 hours for a massive security hole in an OS, on a sunday as mentioned earlier.

Sunday is probably peak development time for free software.

Open Password!

[aurb]

Contribute to Open Password comunity - release your passwords under the GPP (General Public Password) license! Because closed passwords are just series of * symbols - it's hard to use, share and modify them freely. :-)

Re:Open Password!

[AuMatar]

But my root password really is ********. I mean really, who the hell is going to guess that?

Re:Open source

[themoodykid]

Yes, exactly. If someone screws up your system, somebody else will come along and fix it for you. The many eyes make all bugs shallow or something. Think of it as a Wiki-style OS security.

Re:Saw this on Digg

[Anonymous Coward]

Although ironically how many people now have...

grep -ir myrootpass /*

...in their .bash_history file from checking their own system for this mistake?

UNIX mouse driver released

[L505]

Click? Since when did UNIX have mice.

Whew!

[cciRRus]

Good thing I'm using Windows.

Re:MOD PARENT UP

[optikSmoke]

Where else am i supposed to store my passwords?

/etc/motd?

(Just in case...)

Re:Solution

[GigsVT]

Let me guess, it runs grep -v yourPassword on the log file, which then gets entered into the bash history? :)

Re:Open source

[Anonymous Coward]

At a press conference, when asked how the Ubuntu team felt about dealing a massive blow to the public image of open source software, a member of the team responded, "Oops, our bad," and proceeded to play an animation of a badger eating a penguin.

Re:Patch mirror

[zcat_NZ]

echo "Why would anyone leave their root password hardcoded in a bash script" ; exit 1

Re:Choose strong obscure passwords

[grahamlee]

Hey, if we're thinking of the future, let's not use a fixed-width length field for the string at all! That way, we can never generate a string longer than the permitted length field. Let's just terminate the string by a known character sequence, and guarantee that that sequence doesn't appear in the string itself. We could use the \0 character as the terminator.

Re:first rule

[Vo0k]

> So they call me as they need the password for the isp access, "penis",

If you tried this on my system, it wouldn't work, it would say your password is too short.

troll

[Anonymous Coward]

Are those ubunto folks pretending to have users again?

Re:Saw this on Digg

[tolan-b]

While I wouldn't quite put it as trollfully as you have, I would agree with you that it wouldn't be my first choice for a server OS. That'd probably be Debian stable.