Subject: Re: NetBSD master CVS tree commits
To: None <current-users@NetBSD.ORG>
From: matthew green <email@example.com>
Date: 02/22/1997 19:18:39
thorpej made cvs say:
If root has no password, don't lock the operator out of single-user
mode if the console is "insecure".
i'm not sure i like this, from a `security' point of view. if i have
marked the console as insecure, then by hell i want netbsd to do it's
best to keep the bad guys out! and that includes *me* until i
authenticate myself. security systems should *always* fail closed
(though, it's somewhat of a stretch to consider this to be failure :-).
IMO, `insecure console' and `no root password' situations are generally
going to be caused by pilot error, and `reducing' the security of the
system to work around this is a bad idea.