Subject: Re: PRs 30923 and 31059
To: Elad Efrat <elad@NetBSD.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-security
Date: 02/20/2006 17:17:12
On Jul 1,  3:46pm, Elad Efrat wrote:
} Bernd Ernesti wrote:
} 
} > Where would you document that?
} > telnetd, login, ...?
} 
} afterboot?

     Here's a patch for afterboot(8):

--- afterboot.8.orig    2006-02-20 17:01:47.000000000 -0800
+++ afterboot.8 2006-02-20 17:08:24.000000000 -0800
@@ -123,6 +123,9 @@ Upon successful login on the console, yo
 .Dq We recommend creating a non-root account... .
 For security reasons, it is bad practice to login as root during
 regular use and maintenance of the system.
+In fact, the system will only let you login as root on a secure
+terminal.
+By default, only the console is considered to be a secure terminal.
 Instead, administrators are encouraged to add a
 .Dq regular
 user, add said user to the
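
Review bot: The added sentences land between "regular use and maintenance of the system." and "Instead, administrators are encouraged to add a", so "Instead," now reads as a contrast with the secure-terminal default rather than with logging in as root. Moving the new text after the sentence about adding a regular user, or starting a new paragraph for it, would keep the original contrast. The new text also uses "secure terminal" without saying where that is defined or changed; a cross-reference such as .Xr ttys 5 would point the reader at the setting. "In fact," adds nothing and can be dropped.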

} > That's why I want to change the code.
} 
} if *that* is why then it's *really* a doc fix. :)

     Any other suggestions for places where it should be documented?

}-- End of excerpt from Elad Efrat