[ On Tuesday, March 16, 1999 at 23:18:10 (-0800), Jason Thorpe wrote: ]
> Subject: Re: CVS commit: src 
>
> On Tue, 16 Mar 1999 18:09:44 -0800 
>  Jonathan Stone <jonathan@DSG.Stanford.EDU> wrote:
> 
>  > After Perry's request, I think the most sensible thing is to put toor
>  > back, and add the "grep -v ^toor:" fix to the security script.
> 
> That's absolutely silly, hacking the security script for toor.

I'll say, and I'll even go further than that: it's a blatant compromise
of the security checks to make an exception for "toor".

It's one thing to ship a default password file that includes two users
with uid==0.

However I fail to see what's "special" about such an account called
"toor" and why it should be any different than any other duplicate
uid==0 account.

It would be much better to just remove the duplicate superuser account
checking entirely instead of compromising it completely.

I personally think anyone who would call for "toor" to be added back
just because the default root shell was switched back to csh needs to
get a better grip on reality and probably shouldn't be allowed near
anything security sensitive (including a root password) until they do! ;-)
(and don't forget to lock them out of all the other back-door accounts
too! ;-)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>