My doubts may seem foolish, so thanks in advance to those who will read this e-mail and may help me with them.

1. Why doesn't passwd ask for the superuser's current password when it's run by the superuser to change its own password? May it not be considered a serious security flaw?

2. Why doesn't the system ask for the password, as a default action, to log in to the system when entering single user mode? May it not also be considered a serious security flaw? And why doesn't a different password exist to log in to single user mode, instead of using root's password?

A real example: Let's suppose an attacker entered the room where an OpenBSD server is located, and by mistake the system administrator has forgotten to log out of the root login session. So the attacker could enter single user mode, without the need for the root password, and load a malicious kernel module. He could also do millions of other things, except changing root's password, because the system administrator would notice it immediately. I believe it could be more difficult for the attacker if there were a different password to log in to the system in single user mode.

Thanks for the time wasted reading this e-mail and I'm sorry if my questions are too silly.

--
Joco Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://www.openbsd-pa.org
e-mail: [EMAIL PROTECTED]

