Subject: Re: Changing root's shell to /bin/sh
To: Greg Hudson <ghudson@MIT.EDU>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: current-users
Date: 03/16/1999 15:45:51
Greg Hudson writes:
>On another note, Perry and Thor had this bit of non-communication:
>>> toor typically had no password.
>> Um, you should really check your facts before you go spewing
>> nonsense like this.
>
>When you see someone saying something "obviously wrong" like this,
>stop a second and try to figure out if they might have just said it
>ambiguously. Perry obviously meant "there typically exists no
>password will let you log in as toor," not, "toor typically had an
>empty second field in the passwd file."
That's not the natural interpretation. And it'd make some sense, if it
weren't for allegations that there is a legitimate pasecurity concern
here.
Greg, just how does an account to which *no* password can ever grant
access (save for su'ing from root, which means you're already root)
constitute a security issue?