Subject: Re: NetBSD master CVS tree commits
To: Jason Thorpe <firstname.lastname@example.org>
From: Perry E. Metzger <email@example.com>
Date: 02/22/1997 17:53:15
I think the change was sensible. It is very hard to back out of the
situation and if there is no root password there is no security anyway
when the system is functioning normally.
Jason Thorpe writes:
> On Sat, 22 Feb 1997 19:18:39 +1100
> matthew green <firstname.lastname@example.org> wrote:
> > i'm not sure i like this, from a `security' point of view. if i have
> > marked the console as insecure, then by hell i want netbsd to do it's
> > best to keep the bad guys out! and that includes *me* until i
> > authenticate myself. security systems should *always* fail closed
> > (though, it's somewhat of a stretch to consider this to be failure :-).
> > IMO, `insecure console' and `no root password' situations are generally
> > going to be caused by pilot error, and `reducing' the security of the
> > system to work around this is a bad idea.
> In a situation where there _was_ pilot error, I think there's an argument
> to be made for recoverability...
> Well, "you're the boss" with the security stuff... if you really strongly
> object to it, it can be backed out.
> Jason R. Thorpe email@example.com
> NASA Ames Research Center Home: 408.866.1912
> NAS: M/S 258-6 Work: 415.604.0935
> Moffett Field, CA 94035 Pager: 415.428.6939