Subject: Re: toor
To: Aaron J. Grier <agrier@poofygoof.com>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 07/23/2002 13:10:02
In message <20020723100302.O278@goldberry.poofy.goof.com>, "Aaron J. Grier" wri
tes:
>On Tue, Jul 23, 2002 at 05:49:20AM -0400, Steven M. Bellovin wrote:
>> In message <20020722231901.M278@goldberry.poofy.goof.com>, "Aaron J. Grier"
>writes:
>> >out of the box we generate security warnings...
>> >
>> >why do we bother shipping with a disabled toor account at all?
>> >
>>
>> It lets you log in -- assuming you've set a password -- if csh is
>> damaged or deleted.
>
>right, but in that case shouldn't sysinst ask to set a password for
>toor, or at least mention it during installation?
>
Yup.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)