> My doubts may seem fool, so thanks in advance for those who will read > this e-mail and may help me with my doubts. > > 1. Why doesn't passwd ask superuser's current password when it's run > by the superuser to change its own password? May not it be considered > a serious security flaw?
Oh come on. Are you serious? Why ask for the old password when that same user can just rm -rf / > 2. Why doesn't the system ask the password, as a default action, to > log in the system, when entering in single user mode? May not it also > be considered a serious security flaw? And why doesn't exist a > different password to log in single user mode, instead of using root's > password? This can be changed very easily by removing the keyword "secure" from the console line in /etc/ttys For now, we ship with it open for the root password by default, because too many people want it so.
