netbsd-users: Re: toor

Subject: Re: toor
To: NetBSD User's Discussion List <netbsd-users@netbsd.org>
From: Johan A. van Zanten <johan@ewranglers.com>
List: netbsd-users
Date: 07/23/2002 19:12:55
---In message <20020723185513.D5DC1AC@proven.weird.com>

>Apparently, Michael Kukat wrote:
>> And a very different point: Who really changes root's shell?

Greg Woods replied:
>I _always_ do so.

As a rule[1], i don't change root's login shell. I use:

 if [ -x /usr/local/bin/bash ]
 then
   exec /usr/local/bin/bash --login
 fi

... in root's .profile on the Solaris systems.  You could probably do some
more with that if you wanted to avoid running bash in single user mode,
(should /usr/local/bin/bash actually be there in single-user mode) and
check the run level (who -r).

On NetBSD, i started off being confused by what appeared to be a back-door
root account ("toor") as part of the default distribution.  But seeing
that the generic kernel was compiled by "toor@proxima", and one or two
searches of the NetBSD mail archives somewhat assuaged those
worries. Eventually then i decided it was an excellent way for me to get
root privs with bash[2], but still be able to leave root's default shell
alone. (Of course, this required changing toor's shell to bash...)

 IMHO, it would be a good idea to modify the default so that it doesn't
ship generating warnings. (Perhaps by changing toor's shell, as at least
one person has suggested.)

Verbosity:

[1]: Old UNIX Fart story:

 After ending up with an unbootable Pyramid, i have refrained from
changing root's shell.  It was running what felt a lot like v 1.0 of
Pyramid's SYSVile UNIX..  I think they called it something like "DC/OX."
This was 1994ish.  Anyway, the machine was weird.  It had an internal 40
MB HD (Yay! Let's add more single points of failure!)  that was supposed
to serve many of the same purposes as the OpenBOOT PROM in a SPARC, but
also appeared to have a lot more functionality.. Maybe even a
debugger. Anyway, i changed /bin/sh to /bin/csh and the machine wouldn't
boot.  Appeared some of the early startup scripts just expected to be fed
to sh, not csh.  (maybe /sbin/rc1 or something) Bleh.  Hour or two on the
phone with tech support and they talked me through changing it back. 

[2] For the first 6 years of my UNIX life, i was a csh and tcsh user.  I
switched to bash after i got tired of keeping two different shell syntaxes
(sh or ksh for scripting, and csh for CLI.)  in my head. (Along with all
the other weirdness up there.)
   For a long time, i avoided running tcsh and bash as root because i
hadn't "audited" the code. After years of using a fairly-heavily
renobberated ksh on Solaris machines, i changed my mind. I decided that
even temporary access to my user account would pretty easily convey into
root access.  Regardless of my authentication mechanism (su, ksu, kinit,
ssh) sooner or later, i would type a password that would give root
access.


 --johan