Subject: Re: CVS commit: basesrc/bin/ksh
To: Lucio De Re <>
From: Bill Studenmund <>
List: tech-userlevel
Date: 09/26/2002 12:01:39
On Thu, 26 Sep 2002, Lucio De Re wrote:

> On Thu, Sep 26, 2002 at 02:50:35PM +0200, Lubomir Sedlacik wrote:
> >
> > there already is user with uid=0 and /bin/sh as a login shell.
> >
> That's a security hole and a proverbial PITA.  I thought it had been
> deprecated out of existence.  It's not what "su" defaults to, either.

toor has a, "don't use me," password. So how is a security *hole*. To give
it a password, you have to root, no? So the threshold at which toor can be
given a password is the same threshold at which a lot of other intrusions
can happen. How is this such a problem?

As for su, "su -m" (which is what I almost always use).

Take care,