Sorry we didn't respond to the Issue. We actually discussed this that day... the pros, cons, etc. of different ways. Your discussion has brought our discussion back to life (honestly thank you, always helps). So we'll discuss the reasons and thoughts. But regardless of things, you can always do a custom override for a check/fix to disable sudo in any way you prefer.
-
We're coordinating with CIS as well. But in our testing, if you use `dsenableroot` from the command line, it grants a secure token to the user. Then you can't disable root until you remove the token. `fdesetup` removes the cryptotoken user, which you can confirm with So our new fix will be Our check will be to look for the existence of an AuthenticationAuthority for root. This should allow the function of sudo and other tools to behave the way people would like.
-
Heya, I opened an issue around the way this is disabling the root account because it ultimately breaks `sudo -i`, which ends up being a security regression. #592
Would it be possible to get this addressed?