Subject: Re: CVS commit: src
To: Chris Jones <cjones@rupert.honors.montana.edu>
From: Bill Studenmund <skippy@macro.Stanford.EDU>
List: current-users
Date: 03/17/1999 11:19:50
On 17 Mar 1999, Chris Jones wrote:

> >>>>> "Greg" == Greg A Woods <woods@most.weird.com> writes:
> 
> On Tuesday, March 16, 1999 at 23:18:10 (-0800), Jason Thorpe wrote:
> >> That's absolutely silly, hacking the security script for toor.
> 
> Greg> I'll say, and I'll even go further than that: it's a blatant
> Greg> compromise of the security checks to make an exception for
> Greg> "toor".

Dudes, we've been considering toor a root account since 1.0! The test (on
line 93 of $NetBSD: security,v 1.36$) which ignores toor (and root) when it
finds logins with uid 0 appeared in version 1.9 of the file, which shipped
with NetBSD 1.0.

All that's happened in the past few days is that I've changed a check a
few lines down to also not bitch about toor, and we've told everyone this
special case is present. :-)

> Yep.  But there seems to be a demand for making the exception for
> toor.  I've also heard people say that they should be able to make
> exceptions for other UID-0 users.

Right. That's why I put toor back, so that there'd be an example of how to
do this if a site wants to.

> Maybe, if we decide that the exception needs to be there, it should be
> in the form of a DUP_UID_EXCEPTIONS="toor" variable in
> /etc/security.conf.  Or something similarly configurable.  That way,
> if we ship a system without toor, that variable is set to an empty
> list -- if somebody adds a toor to my system, I get warned about it.
> But the people who have 5 different UID-0 accounts can add all of them
> to the list of exceptions, and they won't get the "little boy who
> cried wolf" symptoms.

I think this change is the cleanest. Since I didn't know how to do it, I
made the change the way I did. toor appears in two tests, the duplicate id
test, and the uid 0 test. So we should have two variables:
VALID_DUP_UIDS and VALID_ROOT_UIDS (so you could have multiple uid 10
accounts if you wished).

Take care,

Bill
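
What the two exception lists proposed in this message would look like in practice, as an added example that is not the NetBSD /etc/security script and not Bill's change: the uid-0 test and the duplicate-uid test, each consulting a whitespace-separated site list so that a system shipped with an empty list reports toor as well. The variable names VALID_ROOT_UIDS and VALID_DUP_UIDS are taken from the message; the function names, the report wording and the sample master.passwd lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not the NetBSD /etc/security script, nor the change discussed
# in the thread): the two uid checks with per-site exception lists.
# VALID_ROOT_UIDS / VALID_DUP_UIDS are the names proposed in the thread; the
# function names and the sample passwd lines are assumptions for this example.

# Site policy. Shipping with VALID_ROOT_UIDS="" means any extra uid-0 login,
# toor included, is reported; a site that wants toor lists it here.
VALID_ROOT_UIDS="toor"
VALID_DUP_UIDS="toor carol dave"

# Constructed sample in master.passwd layout
# (name:pw:uid:gid:class:change:expire:gecos:home:shell).
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:/bin/sh
backdoor:*:0:0::0:0:unexpected uid-0 login:/:/bin/sh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
carol:*:10:10::0:0:Carol:/home/carol:/bin/sh
dave:*:10:10::0:0:Dave:/home/dave:/bin/sh
alice:*:1000:1000::0:0:Alice:/home/alice:/bin/sh
bob:*:1000:1000::0:0:Bob:/home/bob:/bin/sh
EOF

# in_list WORD LIST: succeed if WORD is one of the whitespace-separated LIST.
in_list() {
    for w in $2; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# check_root_uids FILE: print, sorted, every login with uid 0 other than root
# that is not excused by VALID_ROOT_UIDS.
check_root_uids() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1" |
    while read -r login; do
        in_list "$login" "$VALID_ROOT_UIDS" || echo "$login"
    done | sort
}

# check_dup_uids FILE: print, sorted, every login (root excepted) whose uid is
# shared with another login and that is not excused by VALID_DUP_UIDS.
check_dup_uids() {
    awk -F: '{ count[$3]++; names[$3] = (names[$3] == "" ? $1 : names[$3] " " $1) }
             END { for (u in count) if (count[u] > 1) print names[u] }' "$1" |
    tr ' ' '\n' |
    while read -r login; do
        [ "$login" = root ] && continue
        in_list "$login" "$VALID_DUP_UIDS" || echo "$login"
    done | sort
}

# Report in the style of the daily security mail.
for login in $(check_root_uids "$SAMPLE_PASSWD"); do
    echo "Login $login has uid 0 and is not listed in VALID_ROOT_UIDS."
done
for login in $(check_dup_uids "$SAMPLE_PASSWD"); do
    echo "Login $login has a duplicate uid and is not listed in VALID_DUP_UIDS."
done
```

With the lists as set above, only backdoor is reported by the uid-0 check, and alice, backdoor and bob by the duplicate-uid check; carol and dave are the "multiple uid 10 accounts" case and stay quiet because both are listed. Clearing VALID_ROOT_UIDS makes toor show up again, which is the shipped-without-toor behaviour the thread asks for.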