
#1 2020-03-02 21:02:46

AlD
Member
Registered: 2020-01-19
Posts: 1

No password on rescue shell when using initcpio systemd hook

/etc/shadow in an initcpio that was created with the systemd hook enabled has a passwordless root account, i.e. a passwordless rescue shell.

The initcpio used to include the actual system's /etc/passwd and /etc/shadow. I understand that this may not be desired for some systems at least, due to leaking usernames or weak passwords from an encrypted file system.

But wouldn't it be desirable to:
1) At least extract the root user's shadow entry into the initcpio?
or
2) Set an explicit separate rescue shell password in mkinitcpio.conf to be used for the root user in the initcpio?

Relevant commit introducing this behavior: https://git.archlinux.org/svntogit/pack … 793ae26fd3

Cheers

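A check for the condition described in the post above, as an added example that is not part of the original post and not mkinitcpio code: it classifies the root entry of a shadow(5) file taken from an unpacked initramfs. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not mkinitcpio code): inspect a shadow(5) file taken from an
# unpacked initramfs, e.g. after `lsinitcpio -x <image>` in a scratch directory.

# shadow_state FILE USER -> empty | locked | hashed | missing
shadow_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"    # no password required
            else if ($2 ~ /^[!*]/) print "locked"   # password login disabled
            else                   print "hashed"   # a password hash is set
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# shadow_empty_accounts FILE -> names of all accounts whose field 2 is empty
shadow_empty_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# audit_rescue_root FILE -> fails (status 1) if root needs no password
audit_rescue_root() {
    [ "$(shadow_state "$1" root)" != "empty" ]
}

# write_samples DIR: constructed shadow files, not copied from any real system
write_samples() {
    printf '%s\n' 'root::::::::' > "$1/shadow.open"
    printf '%s\n' 'root:$6$constructedsalt$constructedhash:18000::::::' \
                  'daemon:!*:18000::::::' > "$1/shadow.hashed"
}

# Demo run over the constructed samples
tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/shadow.*; do
    printf '%s: root=%s\n' "${f##*/}" "$(shadow_state "$f" root)"
done
rm -rf "$tmp"
```

`audit_rescue_root` can gate an image rebuild script: a non-zero status means the shadow file in the image lets root in without a password.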
