Subject: Re: toor
To: Aaron J. Grier <agrier@poofygoof.com>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 07/23/2002 13:10:02
In message <20020723100302.O278@goldberry.poofy.goof.com>, "Aaron J. Grier" writes:
>On Tue, Jul 23, 2002 at 05:49:20AM -0400, Steven M. Bellovin wrote:
>> In message <20020722231901.M278@goldberry.poofy.goof.com>, "Aaron J. Grier" writes:
>> >out of the box we generate security warnings...
>> >
>> >why do we bother shipping with a disabled toor account at all?
>> >
>> 
>> It lets you log in -- assuming you've set a password -- if csh is
>> damaged or deleted.
>
>right, but in that case shouldn't sysinst ask to set a password for
>toor, or at least mention it during installation?
>
Yup.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)