Subject: Re: NetBSD master CVS tree commits
To: None <email@example.com>
From: Andrew Gillham <firstname.lastname@example.org>
Date: 02/22/1997 13:04:39
Jason R. Thorpe wrote:
> In a situation where there _was_ pilot error, I think there's an argument
> to be made for recoverability...
> Well, "you're the boss" with the security stuff... if you really strongly
> object to it, it can be backed out.
Well, if we won't allow root to login in *single-user* because it
has no password, then why in all hell do we let it login in *multi-user*
with no password? Certainly the 'insecure' wouldn't allow a no password
login on the console, but that is not the only way to use a root account
with no password. So I configure my machine with "secure" root login
on a serial port or somesuch, and mark the console insecure. Gee, once
I drop to single-user, my serial port is *dead*, and my inadvertent no
password on root won't allow me in.
Basically what I'm saying is:
If with an 'insecure' console we allow single-user with the root password,
then we should allow single-user if the root password is *blank*.
I would think this falls under the principle of least astonishment. Why
"pretend" to have some security for single-user when there isn't even a
password on root?