Gentoo Handbook documents use of passwd kernel command line option which sets root password at some point in boot process when booted off official Gentoo installation media. This is useful together with dosshd option which starts sshd and thus allows for remote installation. The bad thing about this is that any user can read /proc/cmdline and learn root password, which may be not secure. By "any user" I mean also an attacker possibly gained normal user access because of some vulnerable application such as web-browser, which is especially important because some released media (Gentoo LiveDVD) are updated not so often. A simple grep -w passwd /proc/cmdline >/dev/null && chmod 400 /proc/cmdline (after the point when both /proc and /dev/null are available, of course) would mitigate the issue. I don't believe that applications running as unprivileged users would ever need read /proc/cmdline and the human user booted install media (or LiveDVD) can always gain root access anyway.
And if for whatever reason it is not possible to fix the issue, then I believe documentation should be updated to warn about possibility to read root password from /proc/cmdline when it is passed through passwd=... option.
In my opinion, this is a documentation issue not a technical issue. In any place we instruct a user to set passwd= we should also instruct them to hidpid=1 It's not our job to clean up after every potential mistake people can make.
(In reply to Rick Farina (Zero_Chaos) from comment #2) > In my opinion, this is a documentation issue not a technical issue. In any > place we instruct a user to set passwd= we should also instruct them to > hidpid=1 hidepid=[12] only protects /proc/$PID/cmdline. It does NOT protect /proc/cmdline.
livecd-tools: [master 35e6ad4] autoconfig: protect password in /proc/cmdline. Date: Fri Feb 24 16:46:45 2017 -0800 1 file changed, 1 insertion(+) Released as 2.3 in the tree, releng just needs to bump the catalyst inputs to use it.
