*BSD News Article 94878

Return to BSD News archive 

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.telstra.net!act.news.telstra.net!vic.news.telstra.net!sleipnir.iaccess.com.au!news.unimelb.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!news.corp.sgi.com!news.sgi.com!su-news-hub1.bbnplanet.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!feed1.news.erols.com!news.nl.innet.net!INnl.net!feed1.news.innet.be!INbe.net!blue.news.pipex.net!pipex!stns.news.pipex.net!warm.news.pipex.net!pipex!hole.news.pipex.
net!pipex!news.utell.co.uk!usenet
From: brian@shift.utell.net (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Root Password
Date: 30 Apr 1997 09:50:00 GMT
Organization: Awfulhak Ltd.
Lines: 34
Message-ID: <5k74k8$p26@ui-gate.utell.co.uk>
References: <18F8FF21930307C2.9C8789DEFA86E574.971B7B7D034EAE5D@library-proxy.airnews.net>
    <fred-ya02408000R2604971333350001@news.lightside.com>
    <5k2frr$fv7$2@polaris.eurocontrol.fr> <3365A2AB.2F1CF0FB@FreeBSD.org>
    <5k66e2$quc@lace.colorado.edu>
Reply-To: brian@awfulhak.org, brian@utell.co.uk
NNTP-Posting-Host: shift.utell.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:40092


In article <5k66e2$quc@lace.colorado.edu>,
	fcrary@rintintin.Colorado.EDU (Frank Crary) writes:
> In article <3365A2AB.2F1CF0FB@FreeBSD.org>,
> Jordan K. Hubbard <jkh@FreeBSD.org> wrote:
>>> But there is a small bug in 2.2.1 that makes login impossible when the root
>>> password is empty :-(
> 
>>Unless you're loading 2.2.1 from CDROM, in which case it was fixed there
>>as an 11th hour patch.
> 
> Somehow, I don't see this in the same light. This "bug" keeps a careless
> system administrator from leaving the password field empty, and allowing
> anyone to log in as root without needing a password. Such a "bug" closes
> a massive security hole, and I don't really see why anyone would want to
> "fix" it.

On a lot of my home installations I have no root password - even
on un-firewalled machines connected to the Internet.  As long
as everything except a few vtys is insecure and my account has
a password that nobody knows and is the only one in group wheel,
I'm safe.

I'm asking for it, but I'm safe.

It's nice to not have to dick around with passwords once
I've logged in once.

>                                                             Frank Crary
>                                                             CU Boulder

-- 
Brian <brian@awfulhak.org> <brian@freebsd.org>
      <http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour !