• a semi-technical issue with security implications, on current Debian li

    From Th.Pitschel@uni.de@21:1/5 to All on Fri Jan 6 11:40:02 2023
    Hello,

    I would like to draw attention to an aspect of current (and past?) Debian live image releases that
    I perceive as a security risk.

    What I describe can be observed for example in the Debian 11.6 live image (probably in any flavour, any
    arch). A lot of people use live images nowadays for permanent use (e.g. with persistence), which makes
    the below an issue.

    The point is that these images are configured to let the default user switch to the root user (at least in effect) by entering "sudo -i", without asking for a password.

    While some method for switching to root is clearly needed, the point is that no password is asked for by default,
    which makes it possible that, say, a script running as a normal user can elevate its privileges
    on its own and unnoticed by the user.

    Given that there will be instances where the human user, having created the persistent live
    image, did not bother to change the default passwd and sudo setup, upon each such installation
    a potentially attackable machine is created.

    In my opinion, therefore, the current default initial configuration of such images is somewhat dangerous
    (too lax) _without any further provisions_. (In contrast: on a regular install the procedure
    forces the user to choose a root password, thereby supporting the user in avoiding a careless security
    hole.)

    In my eyes, a suitable provision (for future images) for example would be to pop up a reminder during first
    run saying that "Root privileges can be obtained like ... . The sudo configuration currently does ... .
    And you should set a root password and disable or reconfigure sudo if you intend to use the system permanently.".
    Alternatively (or additionally), a file with similar text could be placed on the desktop, etc.


    Thomas

    (I hope this makes sense, and am open to corrections if I overlooked something.)


    [1] https://lists.debian.org/debian-cd/2013/06/msg00003.html

    [2] https://lists.debian.org/debian-cd/2021/06/msg00031.html

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
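
An audit check for the configuration discussed in this post, added here as an example and not part of the original message or of any Debian tooling: it lists active sudoers lines that grant commands without a password prompt. The function names and the sample file are constructed for illustration; the sample is not copied from a Debian image, and backslash-continued rules are not joined.

```shell
#!/bin/sh
# Added example: flag sudoers lines that skip the password prompt.

# scan_sudoers LABEL < sudoers-file
# Prints "LABEL:line: finding: text" for every active (uncommented) line that
# carries a NOPASSWD tag or a "!authenticate" Defaults entry.
scan_sudoers() {
    awk -v label="$1" '
        /^[ \t]*$/ { next }                        # blank line
        /^[ \t]*#/ && !/^[ \t]*#[0-9]/ { next }    # comment; "#1000 ..." is a uid rule
        /NOPASSWD[ \t]*:/ {
            printf "%s:%d: NOPASSWD rule: %s\n", label, NR, $0
            next
        }
        /^[ \t]*Defaults/ && /!authenticate/ {
            printf "%s:%d: !authenticate default: %s\n", label, NR, $0
        }
    '
}

# Scan the standard sudoers locations; run as root so the files are readable.
scan_system() {
    for f in /etc/sudoers /etc/sudoers.d/*; do
        [ -r "$f" ] && scan_sudoers "$f" < "$f"
    done
    return 0
}

# Constructed sample input (hypothetical users "user", "backup", "deploy").
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not copied from a Debian image
Defaults env_reset
user ALL=(ALL) NOPASSWD: ALL
%sudo ALL=(ALL:ALL) ALL
# backup ALL=(ALL) NOPASSWD: /usr/bin/rsync
Defaults:deploy !authenticate
EOF
}

# Demonstration on the sample: reports lines 3 and 6, ignores the commented rule.
sample_sudoers | scan_sudoers sample
```

On a persistent installation, call `scan_system` as root; any line it reports is a rule under which a process running as that user can become root without interaction.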